16 files changed, 0 insertions, 1972 deletions
diff --git a/eBones/man/acl_check.3 b/eBones/man/acl_check.3
deleted file mode 100644
index 2e5129c..0000000
--- a/eBones/man/acl_check.3
+++ /dev/null
@@ -1,183 +0,0 @@
-.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $
-.\" $Id: acl_check.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-acl_canonicalize_principal, acl_check, acl_exact_match, acl_add,
-acl_delete, acl_initialize \- Access control list routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-cc <files> \-lacl \-lkrb
-.PP
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-acl_canonicalize_principal(principal, buf)
-char *principal;
-char *buf;
-.PP
-.ft B
-acl_check(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_exact_match(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_add(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_delete(acl, principal)
-char *acl;
-char *principal;
-.PP
-.ft B
-acl_initialize(acl_file, mode)
-char *acl_file;
-int mode;
-.fi
-.ft R
-.SH DESCRIPTION
-.SS Introduction
-.PP
-An access control list (ACL) is a list of principals, where each
-principal is represented by a text string which cannot contain
-whitespace.  The library allows application programs to refer to named
-access control lists to test membership and to atomically add and
-delete principals using a natural and intuitive interface.  At
-present, the names of access control lists are required to be Unix
-filenames, and refer to human-readable Unix files; in the future, when
-a networked ACL server is implemented, the names may refer to a
-different namespace specific to the ACL service.
-.PP
-.SS Principal Names
-.PP
-Principal names have the form
-.nf
-.in +5n
-<name>[.<instance>][@<realm>]
-.in -5n
-e.g.:
-.in +5n
-asp
-asp.root
-asp@ATHENA.MIT.EDU
-asp.@ATHENA.MIT.EDU
-asp.root@ATHENA.MIT.EDU
-.in -5n
-.fi
-It is possible for principals to be underspecified.  If an instance is
-missing, it is assumed to be "".  If realm is missing, it is assumed
-to be the local realm as determined by
-.IR krb_get_lrealm (3).
-The canonical form contains all of name, instance,
-and realm; the acl_add and acl_delete routines will always
-leave the file in that form.  Note that the canonical form of
-asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU.
-.SS Routines
-.PP
-.I acl_canonicalize_principal
-stores the canonical form of 
-.I principal
-in 
-.IR buf .
-.I Buf
-must contain enough
-space to store a principal, given the limits on the sizes of name,
-instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
-respectively, in
-.IR /usr/include/kerberosIV/krb.h .
-.PP
-.I acl_check
-returns nonzero if
-.I principal
-appears in 
-.IR acl .
-Returns 0 if principal
-does not appear in acl, or if an error occurs.  Canonicalizes
-principal before checking, and allows the ACL to contain wildcards.  The
-only supported wildcards are entries of the form
-name.*@realm, *.*@realm, and *.*@*.  An asterisk matches any value for the
-its component field.  For example, "jtkohl.*@*" would match principal
-jtkohl, with any instance and any realm.
-.PP
-.I acl_exact_match
-performs like 
-.IR acl_check ,
-but does no canonicalization or wildcard matching.
-.PP
-.I acl_add
-atomically adds 
-.I principal
-to 
-.IR acl .
-Returns 0 if successful, nonzero otherwise.  It is considered a failure
-if
-.I principal
-is already in 
-.IR acl .
-This routine will canonicalize
-.IR principal ,
-but will treat wildcards literally.
-.PP
-.I acl_delete
-atomically deletes 
-.I principal
-from 
-.IR acl .
-Returns 0 if successful,
-nonzero otherwise.  It is considered a failure if 
-.I principal
-is not
-already in 
-.IR acl .
-This routine will canonicalize 
-.IR principal ,
-but will treat wildcards literally.
-.PP
-.I acl_initialize
-initializes
-.IR acl_file .
-If the file 
-.I acl_file
-does not exist,
-.I acl_initialize
-creates it with mode
-.IR mode .
-If the file
-.I acl_file
-exists,
-.I acl_initialize
-removes all members.  Returns 0 if successful,
-nonzero otherwise.  WARNING: Mode argument is likely to change with
-the eventual introduction of an ACL service.  
-.SH NOTES
-In the presence of concurrency, there is a very small chance that
-.I acl_add
-or
-.I acl_delete
-could report success even though it would have
-had no effect.  This is a necessary side effect of using lock files
-for concurrency control rather than flock(2), which is not supported
-by NFS.
-.PP
-The current implementation caches ACLs in memory in a hash-table
-format for increased efficiency in checking membership; one effect of
-the caching scheme is that one file descriptor will be kept open for
-each ACL cached, up to a maximum of 8.
-.SH SEE ALSO
-kerberos(3), krb_get_lrealm(3)
-.SH AUTHOR
-James Aspnes (MIT Project Athena)
diff --git a/eBones/man/ext_srvtab.8 b/eBones/man/ext_srvtab.8
deleted file mode 100644
index 565c3a3..0000000
--- a/eBones/man/ext_srvtab.8
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $
-.\" $Id: ext_srvtab.8,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ext_srvtab \- extract service key files from Kerberos key distribution center database
-.SH SYNOPSIS
-ext_srvtab [
-.B \-n
-] [
-.B \-r realm
-] [
-.B hostname ...
-]
-.SH DESCRIPTION
-.I ext_srvtab
-extracts service key files from the Kerberos key distribution center
-(KDC) database.
-.PP
-Upon execution, it prompts the user to enter the master key string for
-the database.  If the
-.B \-n
-option is specified, the master key is instead fetched from the master
-key cache file.
-.PP
-For each
-.I hostname
-specified on the command line, 
-.I ext_srvtab
-creates the service key file
-.IR hostname -new-srvtab,
-containing all the entries in the database with an instance field of
-.I hostname.
-This new file contains all the keys registered for Kerberos-mediated
-service providing programs which use the 
-.IR krb_get_phost (3)
-principal and instance conventions to run on the host
-.IR hostname .
-If the
-.B \-r
-option is specified, the realm fields in the extracted file will
-match the given realm rather than the local realm.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-/etc/kerberosIV/principal.ok
-Semaphore indicating that the DBM database is not being modified.
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
-.SH SEE ALSO
-read_service_key(3), krb_get_phost(3)
diff --git a/eBones/man/kadmind.8 b/eBones/man/kadmind.8
deleted file mode 100644
index 1eb10d7..0000000
--- a/eBones/man/kadmind.8
+++ /dev/null
@@ -1,117 +0,0 @@
-.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
-.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kadmind \- network daemon for Kerberos database administration
-.SH SYNOPSIS
-.B kadmind
-[
-.B \-n
-] [
-.B \-h
-] [
-.B \-r realm
-] [
-.B \-f filename
-] [
-.B \-d dbname
-] [
-.B \-a acldir
-]
-.SH DESCRIPTION
-.I kadmind
-is the network database server for the Kerberos password-changing and
-administration tools.
-.PP
-Upon execution, it prompts the user to enter the master key string for
-the database.
-.PP
-If the
-.B \-n
-option is specified, the master key is instead fetched from the master
-key cache file.
-.PP
-If the
-.B \-r
-.I realm
-option is specified, the admin server will pretend that its
-local realm is 
-.I realm
-instead of the actual local realm of the host it is running on.
-This makes it possible to run a server for a foreign kerberos
-realm.
-.PP
-If the
-.B \-f
-.I filename
-option is specified, then that file is used to hold the log information
-instead of the default.
-.PP
-If the
-.B \-d
-.I dbname
-option is specified, then that file is used as the database name instead
-of the default.
-.PP
-If the
-.B \-a
-.I acldir
-option is specified, then
-.I acldir
-is used as the directory in which to search for access control lists
-instead of the default.
-.PP
-If the
-.B \-h
-option is specified,
-.I kadmind
-prints out a short summary of the permissible control arguments, and
-then exits.
-.PP
-When performing requests on behalf of clients,
-.I kadmind
-checks access control lists (ACLs) to determine the authorization of the client
-to perform the requested action.
-Currently three distinct access types are supported:
-.TP 1i
-Addition
-(.add ACL file).  If a principal is on this list, it may add new
-principals to the database.
-.TP
-Retrieval
-(.get ACL file).  If a principal is on this list, it may retrieve
-database entries.  NOTE:  A principal's private key is never returned by
-the get functions.
-.TP
-Modification
-(.mod ACL file).  If a principal is on this list, it may modify entries
-in the database.
-.PP
-A principal is always granted authorization to change its own password.
-.SH FILES
-.TP 20n
-/var/log/kadmind.syslog
-Default log file.
-.TP 
-/etc/kerberosIV/admin_acl.{add,get,mod}
-Access control list files
-.TP
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-/etc/kerberosIV/principal.ok
-Semaphore indicating that the DBM database is not being modified.
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
-.SH "SEE ALSO"
-kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
-.SH AUTHORS
-Douglas A. Church, MIT Project Athena
-.br
-John T. Kohl, Project Athena/Digital Equipment Corporation
diff --git a/eBones/man/kdb_destroy.8 b/eBones/man/kdb_destroy.8
deleted file mode 100644
index 2e57876..0000000
--- a/eBones/man/kdb_destroy.8
+++ /dev/null
@@ -1,36 +0,0 @@
-.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $
-.\" $Id: kdb_destroy.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_destroy \- destroy Kerberos key distribution center database
-.SH SYNOPSIS
-kdb_destroy
-.SH DESCRIPTION
-.I kdb_destroy
-deletes a Kerberos key distribution center database.
-.PP
-The user is prompted to verify that the database should be destroyed.  A
-response beginning with `y' or `Y' confirms deletion.
-Any other response aborts deletion.
-.SH DIAGNOSTICS
-.TP 20n
-"Database cannot be deleted at /kerberos/principal"
-The attempt to delete the database failed (probably due to a system or
-access permission error).
-.TP
-"Database not deleted."
-The user aborted the deletion.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-/etc/kerberosIV/principal.ok
-Semaphore indicating that the DBM database is not being modified.
-.SH SEE ALSO
-kdb_init(8)
diff --git a/eBones/man/kdb_edit.8 b/eBones/man/kdb_edit.8
deleted file mode 100644
index 44a0fa6..0000000
--- a/eBones/man/kdb_edit.8
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $
-.\" $Id: kdb_edit.8,v 1.2 1995/02/08 10:54:20 jkh Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_edit \-  Kerberos key distribution center database editing utility
-.SH SYNOPSIS
-kdb_edit [
-.B \-n
-]
-.SH DESCRIPTION
-.I kdb_edit
-is used to create or change principals stored in the Kerberos key
-distribution center (KDC) database.
-.PP
-When executed,
-.I kdb_edit
-prompts for the master key string and verifies that it matches the
-master key stored in the database.
-If the
-.B \-n
-option is specified, the master key is instead fetched from the master
-key cache file.
-.PP
-Once the master key has been verified,
-.I kdb_edit
-begins a prompt loop.  The user is prompted for the principal and
-instance to be modified.  If the entry is not found the user may create
-it.
-Once an entry is found or created, the user may set the password,
-expiration date, maximum ticket lifetime, and attributes.
-Default expiration dates, maximum ticket lifetimes, and attributes are
-presented in brackets; if the user presses return the default is selected.
-There is no default password.
-The password "RANDOM" and an empty password are interpreted specially,
-if entered the user may have the program select a random DES key for the
-principal.
-.PP
-Upon successfully creating or changing the entry, ``Edit O.K.'' is
-printed.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-/etc/kerberosIV/principal.ok
-Semaphore indicating that the DBM database is not being modified.
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
diff --git a/eBones/man/kdb_init.8 b/eBones/man/kdb_init.8
deleted file mode 100644
index d884d00..0000000
--- a/eBones/man/kdb_init.8
+++ /dev/null
@@ -1,45 +0,0 @@
-.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $
-.\" $Id: kdb_init.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_init \- Initialize Kerberos key distribution center database
-.SH SYNOPSIS
-kdb_init [ 
-.B realm
-]
-.SH DESCRIPTION
-.I kdb_init
-initializes a Kerberos key distribution center database, creating the
-necessary principals.
-.PP
-If the optional
-.I realm
-argument is not present,
-.I kdb_init
-prompts for a realm name (defaulting to the definition in
-/usr/include/kerberosIV/krb.h).
-After determining the realm to be created, it prompts for
-a master key password.  The master key password is used to encrypt
-every encryption key stored in the database.
-.SH DIAGNOSTICS
-.TP 20n
-"/etc/kerberosIV/principal: File exists"
-An attempt was made to create a database on a machine which already had
-an existing database.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-/etc/kerberosIV/principal.ok
-Semaphore indicating that the DBM database is not being modified.
-.TP
-/usr/include/kerberosIV/krb.h
-Include file defining default realm
-.SH SEE ALSO
-kdb_destroy(8)
diff --git a/eBones/man/kdb_util.8 b/eBones/man/kdb_util.8
deleted file mode 100644
index 4183ef3..0000000
--- a/eBones/man/kdb_util.8
+++ /dev/null
@@ -1,64 +0,0 @@
-.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $
-.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_util \-  Kerberos key distribution center database utility
-.SH SYNOPSIS
-kdb_util 
-.B operation filename
-.SH DESCRIPTION
-.I kdb_util
-allows the Kerberos key distribution center (KDC) database administrator to
-perform utility functions on the database.
-.PP
-.I Operation
-must be one of the following:
-.TP 10n
-.I load
-initializes the KDC database with the records described by the
-text contained in the file
-.IR filename .
-Any existing database is overwritten.
-.TP
-.I dump
-dumps the KDC database into a text representation in the file
-.IR filename .
-.TP
-.I slave_dump
-performs a database dump like the
-.I dump
-operation, and additionally creates a semaphore file signalling the
-propagation software that an update is available for distribution to
-slave KDC databases.
-.TP
-.I new_master_key
-prompts for the old and new master key strings, and then dumps the KDC
-database into a text representation in the file
-.IR filename .
-The keys in the text representation are encrypted in the new master key.
-.TP
-.I convert_old_db
-prompts for the master key string, and then dumps the KDC database into
-a text representation in the file
-.IR filename .
-The existing database is assumed to be encrypted using the old format
-(encrypted by the key schedule of the master key); the dumped database
-is encrypted using the new format (encrypted directly with master key).
-.PP
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-.IR filename .dump_ok
-semaphore file created by
-.IR slave_dump.
diff --git a/eBones/man/klist.1 b/eBones/man/klist.1
deleted file mode 100644
index af7e31a..0000000
--- a/eBones/man/klist.1
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $
-.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-klist \- list currently held Kerberos tickets
-.SH SYNOPSIS
-.B klist
-[
-\fB\-s \fR|\fB \-t\fR
-] [
-.B \-file
-name ] [
-.B \-srvtab
-]
-.br
-.SH DESCRIPTION
-.I klist
-prints the name of the tickets file and the
-identity of the principal the tickets are for (as listed in the
-tickets file), and 
-lists the principal names of all Kerberos tickets currently held by
-the user, along with the issue and expire time for each authenticator.
-Principal names are listed in the form
-.I name.instance@realm,
-with the '.' omitted if the instance is null,
-and the '@' omitted if the realm is null.
-
-If given the
-.B \-s
-option,
-.I klist
-does not print the issue and expire times, the name of the tickets file,
-or the identity of the principal.
-
-If given the
-.B \-t
-option, 
-.B klist
-checks for the existence of a non-expired ticket-granting-ticket in the
-ticket file.  If one is present, it exits with status 0, else it exits
-with status 1.  No output is generated when this option is specified. 
-
-If given the
-.B \-file
-option, the following argument is used as the ticket file.
-Otherwise, if the
-.B KRBTKFILE
-environment variable is set, it is used.
-If this environment variable
-is not set, the file
-.B /tmp/tkt[uid]
-is used, where
-.B uid
-is the current user-id of the user.
-
-If given the
-.B \-srvtab
-option, the file is treated as a service key file, and the names of the
-keys contained therein are printed.  If no file is
-specified with a
-.B \-file
-option, the default is
-.IR /etc/kerberosIV/srvtab .
-.SH FILES
-.TP 2i
-/etc/kerberosIV/krb.conf
-to get the name of the local realm
-.TP
-/tmp/tkt[uid]
-as the default ticket file ([uid] is the decimal UID of the user).
-.TP
-/etc/kerberosIV/srvtab
-as the default service key file
-.SH SEE ALSO
-.PP
-kerberos(1), kinit(1), kdestroy(1)
-.SH BUGS
-When reading a file as a service key file, very little sanity or error
-checking is performed.
diff --git a/eBones/man/krb.3 b/eBones/man/krb.3
deleted file mode 100644
index 98a720b..0000000
--- a/eBones/man/krb.3
+++ /dev/null
@@ -1,462 +0,0 @@
-.\" $Source: /home/ncvs/src/eBones/man/krb.3,v $
-.\" $Author: rgrimes $
-.\" $Header: /home/ncvs/src/eBones/man/krb.3,v 1.1.1.1 1994/05/27 05:12:09 rgrimes Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
-krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
-krb_rd_err, krb_ck_repl \- Kerberos authentication library
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/des.h>
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-extern char *krb_err_txt[];
-.PP
-.ft B
-int krb_mk_req(authent,service,instance,realm,checksum)
-KTEXT authent;
-char *service;
-char *instance;
-char *realm;
-u_long checksum;
-.PP
-.ft B
-int krb_rd_req(authent,service,instance,from_addr,ad,fn)
-KTEXT authent;
-char *service;
-char *instance;
-u_long from_addr;
-AUTH_DAT *ad;
-char *fn;
-.PP
-.ft B
-int krb_kntoln(ad,lname)
-AUTH_DAT *ad;
-char *lname;
-.PP
-.ft B
-int krb_set_key(key,cvt)
-char *key;
-int cvt;
-.PP
-.ft B
-int krb_get_cred(service,instance,realm,c)
-char *service;
-char *instance;
-char *realm;
-CREDENTIALS *c;
-.PP
-.ft B
-long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-des_key_schedule schedule;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
-u_char *in;
-u_long in_length;
-Key_schedule schedule;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_safe(in,out,in_length,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_safe(in,length,key,sender,receiver,msg_data)
-u_char *in;
-u_long length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_err(out,code,string)
-u_char *out;
-long code;
-char *string;
-.PP
-.ft B
-long krb_rd_err(in,length,code,msg_data)
-u_char *in;
-u_long length;
-long code;
-MSG_DAT *msg_data;
-.fi
-.ft R
-.SH DESCRIPTION
-This library supports network authentication and various related
-operations.  The library contains many routines beyond those described
-in this man page, but they are not intended to be used directly.
-Instead, they are called by the routines that are described, the
-authentication server and the login program.
-.PP
-.I krb_err_txt[]
-contains text string descriptions of various Kerberos error codes returned
-by some of the routines below.
-.PP
-.I krb_mk_req
-takes a pointer to a text structure in which an authenticator is to be
-built.  It also takes the name, instance, and realm of the service to be
-used and an optional checksum.  It is up to the application to decide
-how to generate the checksum.
-.I krb_mk_req
-then retrieves a ticket for the desired service and creates an
-authenticator.  The authenticator is built in
-.I authent
-and is accessible
-to the calling procedure.
-.PP
-It is up to the application to get the authenticator to the service
-where it will be read by
-.I krb_rd_req.
-Unless an attacker posesses the session key contained in the ticket, it
-will be unable to modify the authenticator.  Thus, the checksum can be
-used to verify the authenticity of the other data that will pass through
-a connection.
-.PP
-.I krb_rd_req
-takes an authenticator of type
-.B KTEXT,
-a service name, an instance, the address of the
-host originating the request, and a pointer to a structure of type
-.B AUTH_DAT
-which is filled in with information obtained from the authenticator.
-It also optionally takes the name of the file in which it will find the
-secret key(s) for the service.
-If the supplied
-.I instance
-contains "*", then the first service key with the same service name
-found in the service key file will be used, and the
-.I instance
-argument will be filled in with the chosen instance.  This means that
-the caller must provide space for such an instance name.
-.PP
-It is used to find out information about the principal when a request
-has been made to a service.  It is up to the application protocol to get
-the authenticator from the client to the service.  The authenticator is
-then passed to
-.I krb_rd_req
-to extract the desired information.
-.PP
-.I krb_rd_req
-returns zero (RD_AP_OK) upon successful authentication.  If a packet was
-forged, modified, or replayed, authentication will fail.  If the
-authentication fails, a non-zero value is returned indicating the
-particular problem encountered.  See
-.I krb.h
-for the list of error codes.
-.PP
-If the last argument is the null string (""), krb_rd_req will use the
-file /etc/kerberosIV/srvtab to find its keys.  If the last argument is
-NULL, it will assume that the key has been set by
-.I krb_set_key
-and will not bother looking further.
-.PP
-.I krb_kntoln
-converts a Kerberos name to a local name.  It takes a structure
-of type AUTH_DAT and uses the name and instance to look in the database
-/etc/kerberosIV/aname to find the corresponding local name.  The local name is
-returned and can be used by an application to change uids, directories,
-or other parameters.  It is not an integral part of Kerberos, but is
-instead provided to support the use of Kerberos in existing utilities.
-.PP
-.I krb_set_key
-takes as an argument a des key.  It then creates
-a key schedule from it and saves the original key to be used as an
-initialization vector.
-It is used to set the server's key which
-must be used to decrypt tickets.
-.PP
-If called with a non-zero second argument,
-.I krb_set_key
-will first convert the input from a string of arbitrary length to a DES
-key by encrypting it with a one-way function.
-.PP
-In most cases it should not be necessary to call
-.I krb_set_key.
-The necessary keys will usually be obtained and set inside
-.I krb_rd_req.  krb_set_key
-is provided for those applications that do not wish to place the
-application keys on disk.
-.PP
-.I krb_get_cred
-searches the caller's ticket file for a ticket for the given service, instance,
-and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
-with the ticket information.
-.PP
-If the ticket was found,
-.I krb_get_cred
-returns GC_OK.
-If the ticket file can't be found, can't be read, doesn't belong to
-the user (other than root), isn't a regular file, or is in the wrong
-mode, the error GC_TKFIL is returned.
-.PP
-.I krb_mk_priv
-creates an encrypted, authenticated
-message from any arbitrary application data, pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key
-and the key schedule,
-.I schedule,
-are used to encrypt the data and some header information using
-.I pcbc_encrypt.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-In addition to providing privacy, this protocol message protects
-against modifications, insertions or replays.  The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-.PP
-.I krb_rd_priv
-decrypts and authenticates a received
-.I krb_mk_priv
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-and the key schedule,
-.I schedule,
-are used to decrypt and verify the received message.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h.
-The routine fills in the
-.I app_data
-field with a pointer to the decrypted application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender.  (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of).  The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_safe
-creates an authenticated, but unencrypted message from any arbitrary
-application data,
-pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key,
-is used to seed the
-.I quad_cksum()
-checksum algorithm used as part of the authentication.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-This message does not provide privacy, but does protect (via detection)
-against modifications, insertions or replays.  The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-The authentication provided by this routine is not as strong as that
-provided by
-.I krb_mk_priv
-or by computing the checksum using
-.I cbc_cksum
-instead, both of which authenticate via DES.
-.PP
-
-.I krb_rd_safe
-authenticates a received
-.I krb_mk_safe
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-is used to seed the quad_cksum() routine as part of the authentication.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields:
-the
-.I app_data
-field with a pointer to the application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender.
-(The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of).  The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_err
-constructs an application level error message that may be used along
-with
-.I krb_mk_priv
-or
-.I krb_mk_safe.
-.I out
-is a pointer to the output buffer,
-.I code
-is an application specific error code, and
-.I string
-is an application specific error string.
-
-.PP
-.I krb_rd_err
-unpacks a received
-.I krb_mk_err
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-.I code
-is a pointer to a value to be filled in with the error
-value provided by the application.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields: the
-.I app_data
-field with a pointer to the application error text,
-.I app_length
-with the length of the
-.I app_data
-field, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender.  (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of).
-
-The routine returns zero if the error message has been successfully received,
-or a Kerberos error code.
-.PP
-The
-.I KTEXT
-structure is used to pass around text of varying lengths.  It consists
-of a buffer for the data, and a length.  krb_rd_req takes an argument of this
-type containing the authenticator, and krb_mk_req returns the
-authenticator in a structure of this type.  KTEXT itself is really a
-pointer to the structure.   The actual structure is of type KTEXT_ST.
-.PP
-The
-.I AUTH_DAT
-structure is filled in by krb_rd_req.  It must be allocated before
-calling krb_rd_req, and a pointer to it is passed.  The structure is
-filled in with data obtained from Kerberos.
-.I MSG_DAT
-structure is filled in by either krb_rd_priv, krb_rd_safe, or
-krb_rd_err.  It must be allocated before the call and a pointer to it
-is passed.  The structure is
-filled in with data obtained from Kerberos.
-.PP
-.SH FILES
-/usr/include/kerberosIV/krb.h
-.br
-/usr/lib/libkrb.a
-.br
-/usr/include/kerberosIV/des.h
-.br
-/usr/lib/libdes.a
-.br
-/etc/kerberosIV/aname
-.br
-/etc/kerberosIV/srvtab
-.br
-/tmp/tkt[uid]
-.SH "SEE ALSO"
-kerberos(1), des_crypt(3)
-.SH DIAGNOSTICS
-.SH BUGS
-The caller of
-.I krb_rd_req, krb_rd_priv, and krb_rd_safe
-must check time order and for replay attempts.
-.I krb_ck_repl
-is not implemented yet.
-.SH AUTHORS
-Clifford Neuman, MIT Project Athena
-.br
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.SH RESTRICTIONS
-COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
diff --git a/eBones/man/krb_realmofhost.3 b/eBones/man/krb_realmofhost.3
deleted file mode 100644
index 63aa1eb..0000000
--- a/eBones/man/krb_realmofhost.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\" from: krb_realmofhost.3,v 4.1 89/01/23 11:10:47 jtkohl Exp $
-.\" $Id: krb_realmofhost.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
-krb_get_lrealm \- additional Kerberos utility routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-#include <kerberosIV/des.h>
-#include <netinet/in.h>
-.PP
-.ft B
-char *krb_realmofhost(host)
-char *host;
-.PP
-.ft B
-char *krb_get_phost(alias)
-char *alias;
-.PP
-.ft B
-krb_get_krbhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_admhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_lrealm(realm,n)
-char *realm;
-int n;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_realmofhost
-returns the Kerberos realm of the host
-.IR host ,
-as determined by the translation table
-.IR /etc/kerberosIV/krb.realms .
-.I host
-should be the fully-qualified domain-style primary host name of the host
-in question.  In order to prevent certain security attacks, this routine
-must either have 
-.I a priori
-knowledge of a host's realm, or obtain such information securely.
-.PP
-The format of the translation file is described by 
-.IR krb.realms (5).
-If
-.I host
-exactly matches a host_name line, the corresponding realm
-is returned.
-Otherwise, if the domain portion of
-.I host
-matches a domain_name line, the corresponding realm
-is returned.
-If
-.I host
-contains a domain, but no translation is found,
-.IR host 's
-domain is converted to upper-case and returned.
-If 
-.I host
-contains no discernable domain, or an error occurs,
-the local realm name, as supplied by 
-.IR krb_get_lrealm (3),
-is returned.
-.PP
-.I krb_get_phost
-converts the hostname
-.I alias
-(which can be either an official name or an alias) into the instance
-name to be used in obtaining Kerberos tickets for most services,
-including the Berkeley rcmd suite (rlogin, rcp, rsh).
-.br
-The current convention is to return the first segment of the official
-domain-style name after conversion to lower case.
-.PP
-.I krb_get_krbhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos key distribution center (KDC)
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
-The configuration file is described by 
-.IR krb.conf (5).
-If the host is successfully filled in, the routine
-returns KSUCCESS.
-If the file cannot be opened, and
-.I n
-equals 1, then the value of KRB_HOST as defined in
-.I <krb.h>
-is filled in, and KSUCCESS is returned.  If there are fewer than
-.I n
-hosts running a Kerberos KDC for the requested realm, or the
-configuration file is malformed, the routine
-returns KFAILURE.
-.PP
-.I krb_get_admhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos KDC database administration server
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
-If the file cannot be opened or is malformed, or there are fewer than
-.I n
-hosts running a Kerberos KDC database administration server,
-the routine returns KFAILURE.
-.PP
-The character arrays used as return values for
-.IR krb_get_krbhst ,
-.IR krb_get_admhst ,
-should be large enough to
-hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
-.PP
-.I krb_get_lrealm
-fills in
-.I realm
-with the
-.IR n th
-realm of the local host, as specified in the configuration file.
-.I realm
-should be at least REALM_SZ (from
-.IR <krb.h>) characters long.
-.PP
-.SH SEE ALSO
-kerberos(3), krb.conf(5), krb.realms(5)
-.SH FILES
-.TP 20n
-/etc/kerberosIV/krb.realms
-translation file for host-to-realm mapping.
-.TP
-/etc/kerberosIV/krb.conf
-local realm-name and realm/server configuration file.
-.SH BUGS
-The current convention for instance names is too limited; the full
-domain name should be used.
-.PP
-.I krb_get_lrealm
-currently only supports 
-.I n
-= 1.  It should really consult the user's ticket cache to determine the
-user's current realm, rather than consulting a file on the host.
diff --git a/eBones/man/krb_sendauth.3 b/eBones/man/krb_sendauth.3
deleted file mode 100644
index a749bb5..0000000
--- a/eBones/man/krb_sendauth.3
+++ /dev/null
@@ -1,348 +0,0 @@
-.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $
-.\" $Id: krb_sendauth.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
-.\" Copyright 1988 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
-Kerberos routines for sending authentication via network stream sockets
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-#include <kerberosIV/des.h>
-#include <netinet/in.h>
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
-msg_data, cred, schedule, laddr, faddr, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst, *realm;
-u_long checksum;
-MSG_DAT *msg_data;
-CREDENTIALS *cred;
-Key_schedule schedule;
-struct sockaddr_in *laddr, *faddr;
-char *version;
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
-auth_data, filename, schedule, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst;
-struct sockaddr_in *faddr, *laddr;
-AUTH_DAT *auth_data;
-char *filename;
-Key_schedule schedule;
-char *version;			
-.PP
-.ft B
-int krb_net_write(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.PP
-.ft B
-int krb_net_read(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.fi
-.SH DESCRIPTION
-.PP
-These functions,
-which are built on top of the core Kerberos library,
-provide a convenient means for client and server
-programs to send authentication messages
-to one another through network connections.
-The
-.I krb_sendauth
-function sends an authenticated ticket from the client program to
-the server program by writing the ticket to a network socket.
-The
-.I krb_recvauth
-function receives the ticket from the client by
-reading from a network socket.
-
-.SH KRB_SENDAUTH
-.PP
-This function writes the ticket to
-the network socket specified by the
-file descriptor
-.IR fd,
-returning KSUCCESS if the write proceeds successfully,
-and an error code if it does not.
-
-The
-.I ktext
-argument should point to an allocated KTEXT_ST structure.
-The
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments specify the server program's Kerberos principal name,
-instance, and realm.
-If you are writing a client that uses the local realm exclusively,
-you can set the
-.I realm
-argument to NULL.
-
-The
-.I version
-argument allows the client program to pass an application-specific
-version string that the server program can then match against
-its own version string.
-The
-.I version
-string can be up to KSEND_VNO_LEN (see 
-.IR <krb.h> )
-characters in length.
-
-The
-.I checksum
-argument can be used to pass checksum information to the
-server program.
-The client program is responsible for specifying this information.
-This checksum information is difficult to corrupt because
-.I krb_sendauth
-passes it over the network in encrypted form.
-The
-.I checksum
-argument is passed as the checksum argument to
-.IR krb_mk_req .
-
-You can set
-.IR krb_sendauth's
-other arguments to NULL unless you want the
-client and server programs to mutually authenticate
-themselves.
-In the case of mutual authentication,
-the client authenticates itself to the server program,
-and demands that the server in turn authenticate itself to
-the client.
-
-.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
-.PP
-If you want mutual authentication,
-make sure that you read all pending data from the local socket
-before calling
-.IR krb_sendauth.
-Set
-.IR krb_sendauth's
-.I options
-argument to
-.BR KOPT_DO_MUTUAL
-(this macro is defined in the
-.IR krb.h
-file);
-make sure that the
-.I laddr
-argument points to
-the address of the local socket,
-and that
-.I faddr
-points to the foreign socket's network address.
-
-.I Krb_sendauth
-fills in the other arguments--
-.IR msg_data ,
-.IR cred ,
-and
-.IR schedule --before
-sending the ticket to the server program.
-You must, however, allocate space for these arguments
-before calling the function.
-
-.I Krb_sendauth
-supports two other options:
-.BR KOPT_DONT_MK_REQ,
-and
-.BR KOPT_DONT_CANON.
-If called with
-.I options
-set as KOPT_DONT_MK_REQ,
-.I krb_sendauth
-will not use the
-.I krb_mk_req
-function to retrieve the ticket from the Kerberos server.
-The
-.I ktext
-argument must point to an existing ticket and authenticator (such as
-would be created by 
-.IR krb_mk_req ),
-and the
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments can be set to NULL.
-
-If called with
-.I options
-set as KOPT_DONT_CANON,
-.I krb_sendauth
-will not convert the service's instance to canonical form using 
-.IR krb_get_phost (3).
-
-If you want to call
-.I krb_sendauth
-with a multiple
-.I options
-specification,
-construct
-.I options
-as a bitwise-OR of the options you want to specify.
-
-.SH KRB_RECVAUTH
-.PP
-The
-.I krb_recvauth
-function
-reads a ticket/authenticator pair from the socket pointed to by the
-.I fd
-argument.
-Set the
-.I options
-argument
-as a bitwise-OR of the options desired.
-Currently only KOPT_DO_MUTUAL is useful to the receiver.
-
-The
-.I ktext
-argument
-should point to an allocated KTEXT_ST structure.
-.I Krb_recvauth
-fills
-.I ktext
-with the
-ticket/authenticator pair read from
-.IR fd ,
-then passes it to
-.IR krb_rd_req .
-
-The
-.I service
-and
-.I inst
-arguments
-specify the expected service and instance for which the ticket was
-generated.  They are also passed to
-.IR krb_rd_req.
-The
-.I inst
-argument may be set to "*" if the caller wishes
-.I krb_mk_req
-to fill in the instance used (note that there must be space in the
-.I inst
-argument to hold a full instance name, see 
-.IR krb_mk_req (3)).
-
-The
-.I faddr
-argument
-should point to the address of the peer which is presenting the ticket.
-It is also passed to
-.IR krb_rd_req .
-
-If the client and server plan to mutually authenticate
-one another,
-the
-.I laddr
-argument
-should point to the local address of the file descriptor.
-Otherwise you can set this argument to NULL.
-
-The
-.I auth_data
-argument
-should point to an allocated AUTH_DAT area.
-It is passed to and filled in by
-.IR krb_rd_req .
-The checksum passed to the corresponding
-.I krb_sendauth
-is available as part of the filled-in AUTH_DAT area.
-
-The
-.I filename
-argument
-specifies the filename
-which the service program should use to obtain its service key.
-.I Krb_recvauth
-passes
-.I filename
-to the
-.I krb_rd_req
-function.
-If you set this argument to "",
-.I krb_rd_req
-looks for the service key in the file
-.IR /etc/kerberosIV/srvtab.
-
-If the client and server are performing mutual authenication,
-the
-.I schedule
-argument
-should point to an allocated Key_schedule.
-Otherwise it is ignored and may be NULL.
-
-The
-.I version
-argument should point to a character array of at least KSEND_VNO_LEN
-characters.  It is filled in with the version string passed by the client to
-.IR krb_sendauth.
-.PP
-.SH KRB_NET_WRITE AND KRB_NET_READ
-.PP
-The
-.I krb_net_write
-function
-emulates the write(2) system call, but guarantees that all data
-specified is written to
-.I fd
-before returning, unless an error condition occurs.
-.PP
-The
-.I krb_net_read
-function
-emulates the read(2) system call, but guarantees that the requested
-amount of data is read from
-.I fd
-before returning, unless an error condition occurs.
-.PP
-.SH BUGS
-.IR krb_sendauth,
-.IR krb_recvauth,
-.IR krb_net_write,
-and
-.IR krb_net_read
-will not work properly on sockets set to non-blocking I/O mode.
-
-.SH SEE ALSO
-
-krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
-
-.SH AUTHOR
-John T. Kohl, MIT Project Athena
-.SH RESTRICTIONS
-Copyright 1988, Massachusetts Instititute of Technology.
-For copying and distribution information,
-please see the file <Copyright.h>.
diff --git a/eBones/man/krb_set_tkt_string.3 b/eBones/man/krb_set_tkt_string.3
deleted file mode 100644
index 73b5e5d..0000000
--- a/eBones/man/krb_set_tkt_string.3
+++ /dev/null
@@ -1,43 +0,0 @@
-.\" from: krb_set_tkt_string.3,v 4.1 89/01/23 11:11:09 jtkohl Exp $
-.\" $Id: krb_set_tkt_string.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_set_tkt_string \- set Kerberos ticket cache file name
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-void krb_set_tkt_string(filename)
-char *filename;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_set_tkt_string
-sets the name of the file that holds the user's
-cache of Kerberos server tickets and associated session keys.
-.PP
-The string 
-.I filename
-passed in is copied into local storage.
-Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are
-copied in for use as the cache file name.
-.PP
-This routine should be called during initialization, before other
-Kerberos routines are called; otherwise the routines which fetch the
-ticket cache file name may be called and return an undesired ticket file
-name until this routine is called.
-.SH FILES
-.TP 20n
-/tmp/tkt[uid]
-default ticket file name, unless the environment variable KRBTKFILE is set.
-[uid] denotes the user's uid, in decimal.
-.SH SEE ALSO
-kerberos(3), setenv(3)
diff --git a/eBones/man/ksrvtgt.1 b/eBones/man/ksrvtgt.1
deleted file mode 100644
index 129c745..0000000
--- a/eBones/man/ksrvtgt.1
+++ /dev/null
@@ -1,51 +0,0 @@
-.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $
-.\" $Id: ksrvtgt.1,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
-service key
-.SH SYNOPSIS
-.B ksrvtgt
-name instance [[realm] srvtab]
-.SH DESCRIPTION
-.I ksrvtgt
-retrieves a ticket-granting ticket with a lifetime of five (5) minutes
-for the principal
-.I name.instance@realm
-(or 
-.I name.instance@localrealm
-if
-.I realm
-is not supplied on the command line), decrypts the response using
-the service key found in
-.I srvtab
-(or in 
-.B /etc/kerberosIV/srvtab
-if
-.I srvtab
-is not specified on the command line), and stores the ticket in the
-standard ticket cache.
-.PP
-This command is intended primarily for use in shell scripts and other
-batch-type facilities.
-.SH DIAGNOSTICS
-"Generic kerberos failure (kfailure)" can indicate a whole range of
-problems, the most common of which is the inability to read the service
-key file.
-.SH FILES
-.TP 2i
-/etc/kerberosIV/krb.conf
-to get the name of the local realm.
-.TP
-/tmp/tkt[uid]
-The default ticket file.
-.TP
-/etc/kerberosIV/srvtab
-The default service key file.
-.SH SEE ALSO
-kerberos(1), kinit(1), kdestroy(1)
diff --git a/eBones/man/kstash.8 b/eBones/man/kstash.8
deleted file mode 100644
index ac8c57b..0000000
--- a/eBones/man/kstash.8
+++ /dev/null
@@ -1,44 +0,0 @@
-.\" from: kstash.8,v 4.1 89/01/23 11:11:39 jtkohl Exp $
-.\" $Id: kstash.8,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kstash \- stash Kerberos key distribution center database master key
-.SH SYNOPSIS
-kstash
-.SH DESCRIPTION
-.I kstash
-saves the Kerberos key distribution center (KDC) database master key in
-the master key cache file.
-.PP
-The user is prompted to enter the key, to verify the authenticity of the
-key and the authorization to store the key in the file.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.TP
-"kstash: Unable to open master key file"
-The attempt to open the cache file for writing failed (probably due to a
-system or access permission error).
-.TP
-"kstash: Write I/O error on master key file"
-The 
-.BR write (2)
-system call returned an error while
-.I kstash
-was attempting to write the key to the file.
-.SH FILES
-.TP 20n
-/etc/kerberosIV/principal.db
-DBM file containing database
-.TP
-/etc/kerberosIV/principal.ok
-Semaphore indicating that the DBM database is not being modified.
-.TP
-/etc/kerberosIV/master_key
-Master key cache file.
diff --git a/eBones/man/kuserok.3 b/eBones/man/kuserok.3
deleted file mode 100644
index c7581a6..0000000
--- a/eBones/man/kuserok.3
+++ /dev/null
@@ -1,63 +0,0 @@
-.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $
-.\" $Id: kuserok.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kuserok \- Kerberos version of ruserok
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-kuserok(kdata, localuser)
-AUTH_DAT *auth_data;
-char   *localuser;
-.fi
-.ft R
-.SH DESCRIPTION
-.I kuserok
-determines whether a Kerberos principal described by the structure
-.I auth_data
-is authorized to login as user
-.I localuser
-according to the authorization file
-("~\fIlocaluser\fR/.klogin" by default).  It returns 0 (zero) if authorized,
-1 (one) if not authorized.
-.PP
-If there is no account for 
-.I localuser
-on the local machine, authorization is not granted.
-If there is no authorization file, and the Kerberos principal described
-by 
-.I auth_data
-translates to 
-.I localuser
-(using 
-.IR krb_kntoln (3)),
-authorization is granted.
-If the authorization file
-can't be accessed, or the file is not owned by
-.IR localuser,
-authorization is denied.  Otherwise, the file is searched for
-a matching principal name, instance, and realm.  If a match is found,
-authorization is granted, else authorization is denied.
-.PP
-The file entries are in the format:
-.nf
-.in +5n
-	name.instance@realm
-.in -5n
-.fi
-with one entry per line.
-.SH SEE ALSO
-kerberos(3), ruserok(3), krb_kntoln(3)
-.SH FILES
-.TP 20n
-~\fIlocaluser\fR/.klogin
-authorization list
diff --git a/eBones/man/tf_util.3 b/eBones/man/tf_util.3
deleted file mode 100644
index ee6e436..0000000
--- a/eBones/man/tf_util.3
+++ /dev/null
@@ -1,151 +0,0 @@
-.\" from: tf_util.3,v 4.2 89/04/25 17:17:11 jtkohl Exp $
-.\" $Id: tf_util.3,v 1.1.1.1 1994/09/30 14:50:08 csgr Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <Copyright.MIT>.
-.\"
-.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
-\- Routines for manipulating a Kerberos ticket file
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <kerberosIV/krb.h>
-.PP
-.ft B
-extern char *krb_err_txt[];
-.PP
-.ft B
-tf_init(tf_name, rw)
-char *tf_name;
-int rw;
-.PP
-.ft B
-tf_get_pname(pname)
-char *pname;
-.PP
-.ft B
-tf_get_pinst(pinst)
-char *pinst;
-.PP
-.ft B
-tf_get_cred(c)
-CREDENTIALS *c;
-.PP
-.ft B
-tf_close()
-.PP
-.fi
-.SH DESCRIPTION
-This group of routines are provided to manipulate the Kerberos tickets
-file.  A ticket file has the following format:
-.nf
-.in +4
-.sp
-principal's name          (null-terminated string)
-principal's instance      (null-terminated string)
-CREDENTIAL_1
-CREDENTIAL_2
-  ...
-CREDENTIAL_n
-EOF
-.sp
-.in -4
-.LP
-Where "CREDENTIAL_x" consists of the following fixed-length
-fields from the CREDENTIALS structure (defined in <krb.h>):
-.nf
-.sp
-.in +4
-	char		service[ANAME_SZ]
-	char		instance[INST_SZ]
-	char		realm[REALM_SZ]
-	des_cblock	session
-	int		lifetime
-	int		kvno
-	KTEXT_ST	ticket_st
-	long		issue_date
-.in -4
-.sp
-.fi
-.PP
-.I tf_init
-must be called before the other ticket file
-routines.
-It takes the name of the ticket file to use,
-and a read/write flag as arguments.
-It tries to open the ticket file, checks the mode and if
-everything is okay, locks the file.  If it's opened for
-reading, the lock is shared.  If it's opened for writing,
-the lock is exclusive.
-KSUCCESS is returned if all went well, otherwise one of the
-following:
-.nf
-.sp
-NO_TKT_FIL	- file wasn't there
-TKT_FIL_ACC	- file was in wrong mode, etc.
-TKT_FIL_LCK	- couldn't lock the file, even after a retry
-.sp
-.fi
-.PP
-The
-.I tf_get_pname
-reads the principal's name from a ticket file.
-It should only be called after tf_init has been called.  The
-principal's name is filled into the 
-.I pname
-parameter.  If all goes
-well, KSUCCESS is returned.
-If tf_init wasn't called, TKT_FIL_INI
-is returned.
-If the principal's name was null, or EOF was encountered, or the
-name was longer than ANAME_SZ, TKT_FIL_FMT is returned.
-.PP
-The
-.I tf_get_pinst
-reads the principal's instance from a ticket file.
-It should only be called after tf_init and tf_get_pname
-have been called.
-The principal's instance is filled into the 
-.I pinst
-parameter.
-If all goes
-well, KSUCCESS is returned.
-If tf_init wasn't called, TKT_FIL_INI
-is returned.
-If EOF was encountered, or the
-name was longer than INST_SZ, TKT_FIL_FMT is returned.
-Note that, unlike the principal name, the instance name may be null.
-.PP
-The
-.I tf_get_cred
-routine reads a CREDENTIALS record from a ticket file and
-fills in the given structure.
-It should only be called after
-tf_init, tf_get_pname, and tf_get_pinst have been called.
-If all goes well, KSUCCESS is returned.  Possible error codes
-are:
-.nf
-.sp
-TKT_FIL_INI	- tf_init wasn't called first
-TKT_FIL_FMT	- bad format
-EOF		- end of file encountered
-.sp
-.fi
-.PP
-.I tf_close
-closes the ticket file and releases the lock on it.
-.SH "SEE ALSO"
-krb(3)
-.SH DIAGNOSTICS
-.SH BUGS
-The ticket file routines have to be called in a certain order.
-.SH AUTHORS
-Jennifer Steiner, MIT Project Athena
-.br
-Bill Bryant, MIT Project Athena
-.SH RESTRICTIONS
-Copyright 1987 Massachusetts Institute of Technology