Module Name: src
Committed By: elric
Date: Thu Apr 14 19:19:20 UTC 2011
Modified Files:
src/crypto/external/bsd/heimdal/dist/admin: ktutil.8
src/crypto/external/bsd/heimdal/dist/kadmin: kadmin.8 kadmind.8
src/crypto/external/bsd/heimdal/dist/kcm: kcm.8
src/crypto/external/bsd/heimdal/dist/kdc: hprop.8 hpropd.8 kdc.8
kstash.8 string2key.8
src/crypto/external/bsd/heimdal/dist/kpasswd: kpasswdd.8
src/crypto/external/bsd/heimdal/dist/kuser: kdestroy.1 kgetcred.1
kimpersonate.8 kinit.1 klist.1
src/crypto/external/bsd/heimdal/dist/lib/gssapi: gssapi.3
src/crypto/external/bsd/heimdal/dist/lib/kadm5: iprop-log.8 iprop.8
src/crypto/external/bsd/heimdal/dist/lib/krb5: krb5_get_in_cred.3
krb5_init_context.3
Log Message:
Updates to man pages found as diffs in prior location in a batch.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/heimdal/dist/admin/ktutil.8
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8 \
src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8
cvs rdiff -u -r1.1.1.2 -r1.2 src/crypto/external/bsd/heimdal/dist/kcm/kcm.8
cvs rdiff -u -r1.1.1.2 -r1.2 src/crypto/external/bsd/heimdal/dist/kdc/hprop.8 \
src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8 \
src/crypto/external/bsd/heimdal/dist/kdc/kdc.8 \
src/crypto/external/bsd/heimdal/dist/kdc/kstash.8 \
src/crypto/external/bsd/heimdal/dist/kdc/string2key.8
cvs rdiff -u -r1.1.1.1 -r1.2 \
src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1 \
src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1 \
src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8 \
src/crypto/external/bsd/heimdal/dist/kuser/kinit.1 \
src/crypto/external/bsd/heimdal/dist/kuser/klist.1
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8 \
src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8
cvs rdiff -u -r1.1.1.2 -r1.2 \
src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3 \
src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/heimdal/dist/admin/ktutil.8
diff -u src/crypto/external/bsd/heimdal/dist/admin/ktutil.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/admin/ktutil.8:1.2
--- src/crypto/external/bsd/heimdal/dist/admin/ktutil.8:1.1.1.2 Thu Apr 14 14:08:06 2011
+++ src/crypto/external/bsd/heimdal/dist/admin/ktutil.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: ktutil.8,v 1.1.1.2 2011/04/14 14:08:06 elric Exp $
+.\" $NetBSD: ktutil.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -55,72 +55,43 @@
is a program for managing keytabs.
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
+.It Fl v , Fl -verbose
Verbose output.
.El
.Pp
.Ar command
can be one of the following:
.Bl -tag -width srvconvert
-.It add Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V Ar kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e Ar enctype
-.Op Fl -enctype= Ns Ar enctype
-.Op Fl w Ar password
-.Op Fl -password= Ns Ar password
-.Op Fl r
-.Op Fl -random
-.Op Fl s
-.Op Fl -no-salt
-.Op Fl H
-.Op Fl -hex
-.Xc
+.It add Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \
+Oo Fl V Ar kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
+Oo Fl -enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
+Oo Fl -password= Ns Ar password Oc Oo Fl r Oc Oo Fl -random Oc \
+Oo Fl s Oc Oo Fl -no-salt Oc Oo Fl H Oc Op Fl -hex
Adds a key to the keytab. Options that are not specified will be
prompted for. This requires that you know the password or the hex key of the
principal to add; if what you really want is to add a new principal to
the keytab, you should consider the
.Ar get
command, which talks to the kadmin server.
-.It change Xo
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl -a Ar host
-.Op Fl -admin-server= Ns Ar host
-.Op Fl -s Ar port
-.Op Fl -server-port= Ns Ar port
-.Xc
+.It change Oo Fl r Ar realm Oc Oo Fl -realm= Ns Ar realm Oc \
+Oo Fl -a Ar host Oc Oo Fl -admin-server= Ns Ar host Oc \
+Oo Fl -s Ar port Oc Op Fl -server-port= Ns Ar port
Update one or several keys to new versions. By default, use the admin
server for the realm of a keytab entry. Otherwise it will use the
values specified by the options.
.Pp
If no principals are given, all the ones in the keytab are updated.
-.It copy Xo
-.Ar keytab-src
-.Ar keytab-dest
-.Xc
+.It copy Ar keytab-src Ar keytab-dest
Copies all the entries from
.Ar keytab-src
to
.Ar keytab-dest .
-.It get Xo
-.Op Fl p Ar admin principal
-.Op Fl -principal= Ns Ar admin principal
-.Op Fl e Ar enctype
-.Op Fl -enctypes= Ns Ar enctype
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl a Ar admin server
-.Op Fl -admin-server= Ns Ar admin server
-.Op Fl s Ar server port
-.Op Fl -server-port= Ns Ar server port
-.Ar principal ...
-.Xc
+.It get Oo Fl p Ar admin principal Oc \
+Oo Fl -principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
+Oo Fl -enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
+Oo Fl -realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
+Oo Fl -admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
+Oo Fl -server-port= Ns Ar server port Oc Ar principal ...
For each
.Ar principal ,
generate a new key for it (creating it if it doesn't already exist),
@@ -130,35 +101,22 @@
.Ar realm
is specified, the realm to operate on is taken from the first
principal.
-.It list Xo
-.Op Fl -keys
-.Op Fl -timestamp
-.Xc
+.It list Oo Fl -keys Oc Op Fl -timestamp
List the keys stored in the keytab.
-.It remove Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e enctype
-.Op Fl -enctype= Ns Ar enctype
-.Xc
+.It remove Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \
+Oo Fl V kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
+Oo Fl -enctype= Ns Ar enctype Oc
Removes the specified key or keys. Not specifying a
.Ar kvno
removes keys with any version number. Not specifying an
.Ar enctype
removes keys of any type.
-.It rename Xo
-.Ar from-principal
-.Ar to-principal
-.Xc
+.It rename Ar from-principal Ar to-principal
Renames all entries in the keytab that match the
.Ar from-principal
to
.Ar to-principal .
-.It purge Xo
-.Op Fl -age= Ns Ar age
-.Xc
+.It purge Op Fl -age= Ns Ar age
Removes all old versions of a key for which there is a newer version
that is at least
.Ar age
Index: src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8
diff -u src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8:1.1.1.2 Thu Apr 14 14:08:10 2011
+++ src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kadmin.8,v 1.1.1.2 2011/04/14 14:08:10 elric Exp $
+.\" $NetBSD: kadmin.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -42,34 +42,13 @@
.Sh SYNOPSIS
.Nm
.Bk -words
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -principal= Ns Ar string
-.Xc
-.Oc
-.Oo Fl K Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl a Ar host \*(Ba Xo
-.Fl -admin-server= Ns Ar host
-.Xc
-.Oc
-.Oo Fl s Ar port number \*(Ba Xo
-.Fl -server-port= Ns Ar port number
-.Xc
-.Oc
+.Op Fl p Ar string \*(Ba Fl -principal= Ns Ar string
+.Op Fl K Ar string \*(Ba Fl -keytab= Ns Ar string
+.Op Fl c Ar file \*(Ba Fl -config-file= Ns Ar file
+.Op Fl k Ar file \*(Ba Fl -key-file= Ns Ar file
+.Op Fl r Ar realm \*(Ba Fl -realm= Ns Ar realm
+.Op Fl a Ar host \*(Ba Fl -admin-server= Ns Ar host
+.Op Fl s Ar port number \*(Ba Fl -server-port= Ns Ar port number
.Op Fl l | Fl -local
.Op Fl h | Fl -help
.Op Fl v | Fl -version
@@ -86,45 +65,21 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl p Ar string ,
-.Fl -principal= Ns Ar string
-.Xc
+.It Fl p Ar string , Fl -principal= Ns Ar string
principal to authenticate as
-.It Xo
-.Fl K Ar string ,
-.Fl -keytab= Ns Ar string
-.Xc
+.It Fl K Ar string , Fl -keytab= Ns Ar string
keytab for authentication principal
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
+.It Fl k Ar file , Fl -key-file= Ns Ar file
location of master key file
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
+.It Fl r Ar realm , Fl -realm= Ns Ar realm
realm to use
-.It Xo
-.Fl a Ar host ,
-.Fl -admin-server= Ns Ar host
-.Xc
+.It Fl a Ar host , Fl -admin-server= Ns Ar host
server to contact
-.It Xo
-.Fl s Ar port number ,
-.Fl -server-port= Ns Ar port number
-.Xc
+.It Fl s Ar port number , Fl -server-port= Ns Ar port number
port to use
-.It Xo
-.Fl l ,
-.Fl -local
-.Xc
+.It Fl l , Fl -local
local admin mode
.El
.Pp
@@ -150,10 +105,7 @@
.Nm add
.Op Fl r | Fl -random-key
.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
+.Op Fl p Ar string \*(Ba Fl -password= Ns Ar string
.Op Fl -key= Ns Ar string
.Op Fl -max-ticket-life= Ns Ar lifetime
.Op Fl -max-renewable-life= Ns Ar lifetime
Index: src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8
diff -u src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8:1.1.1.2 Thu Apr 14 14:08:10 2011
+++ src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kadmind.8,v 1.1.1.2 2011/04/14 14:08:10 elric Exp $
+.\" $NetBSD: kadmind.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2002 - 2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -120,34 +120,17 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
+.It Fl k Ar file , Fl -key-file= Ns Ar file
location of master key file
-.It Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
+.It Fl -keytab= Ns Ar keytab
what keytab to use
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
+.It Fl r Ar realm , Fl -realm= Ns Ar realm
realm to use
-.It Xo
-.Fl d ,
-.Fl -debug
-.Xc
+.It Fl d , Fl -debug
enable debugging
-.It Xo
-.Fl p Ar port ,
-.Fl -ports= Ns Ar port
-.Xc
+.It Fl p Ar port , Fl -ports= Ns Ar port
ports to listen to. By default, if run as a daemon, it listens to port
749, but you can add any number of ports with this option. The port
string is a whitespace separated list of port specifications, with the
Index: src/crypto/external/bsd/heimdal/dist/kcm/kcm.8
diff -u src/crypto/external/bsd/heimdal/dist/kcm/kcm.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kcm/kcm.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kcm/kcm.8:1.1.1.2 Thu Apr 14 14:08:10 2011
+++ src/crypto/external/bsd/heimdal/dist/kcm/kcm.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kcm.8,v 1.1.1.2 2011/04/14 14:08:10 elric Exp $
+.\" $NetBSD: kcm.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2005 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -129,91 +129,42 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -cache-name= Ns Ar cachename
-.Xc
+.It Fl -cache-name= Ns Ar cachename
system cache name
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
location of config file
-.It Xo
-.Fl g Ar group ,
-.Fl -group= Ns Ar group
-.Xc
+.It Fl g Ar group , Fl -group= Ns Ar group
system cache group
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
+.It Fl -max-request= Ns Ar size
max size for a kcm-request
-.It Xo
-.Fl -disallow-getting-krbtgt
-.Xc
+.It Fl -disallow-getting-krbtgt
disallow extracting any krbtgt from the
.Nm kcm
daemon.
-.It Xo
-.Fl -detach
-.Xc
+.It Fl -detach
detach from console
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
-.It Xo
-.Fl k Ar principal ,
-.Fl -system-principal= Ns Ar principal
-.Xc
+.It Fl h , Fl -help
+.It Fl k Ar principal , Fl -system-principal= Ns Ar principal
system principal name
-.It Xo
-.Fl l Ar time ,
-.Fl -lifetime= Ns Ar time
-.Xc
+.It Fl l Ar time , Fl -lifetime= Ns Ar time
lifetime of system tickets
-.It Xo
-.Fl m Ar mode ,
-.Fl -mode= Ns Ar mode
-.Xc
+.It Fl m Ar mode , Fl -mode= Ns Ar mode
octal mode of system cache
-.It Xo
-.Fl n ,
-.Fl -no-name-constraints
-.Xc
+.It Fl n , Fl -no-name-constraints
disable credentials cache name constraints
-.It Xo
-.Fl r Ar time ,
-.Fl -renewable-life= Ns Ar time
-.Xc
+.It Fl r Ar time , Fl -renewable-life= Ns Ar time
renewable lifetime of system tickets
-.It Xo
-.Fl s Ar path ,
-.Fl -socket-path= Ns Ar path
-.Xc
+.It Fl s Ar path , Fl -socket-path= Ns Ar path
path to kcm domain socket
-.It Xo
-.Fl -door-path= Ns Ar path
-.Xc
+.It Fl -door-path= Ns Ar path
path to kcm door socket
-.It Xo
-.Fl S Ar principal ,
-.Fl -server= Ns Ar principal
-.Xc
+.It Fl S Ar principal , Fl -server= Ns Ar principal
server to get system ticket for
-.It Xo
-.Fl t Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
+.It Fl t Ar keytab , Fl -keytab= Ns Ar keytab
system keytab name
-.It Xo
-.Fl u Ar user ,
-.Fl -user= Ns Ar user
-.Xc
+.It Fl u Ar user , Fl -user= Ns Ar user
system cache owner
-.It Xo
-.Fl v ,
-.Fl -version
-.Xc
+.It Fl v , Fl -version
.El
.\".Sh ENVIRONMENT
.\".Sh FILES
Index: src/crypto/external/bsd/heimdal/dist/kdc/hprop.8
diff -u src/crypto/external/bsd/heimdal/dist/kdc/hprop.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/hprop.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kdc/hprop.8:1.1.1.2 Thu Apr 14 14:08:12 2011
+++ src/crypto/external/bsd/heimdal/dist/kdc/hprop.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: hprop.8,v 1.1.1.2 2011/04/14 14:08:12 elric Exp $
+.\" $NetBSD: hprop.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -91,19 +91,11 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl m Ar file ,
-.Fl -master-key= Ns Pa file
-.Xc
+.It Fl m Ar file , Fl -master-key= Ns Pa file
Where to find the master key to encrypt or decrypt keys with.
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Pa file
-.Xc
+.It Fl d Ar file , Fl -database= Ns Pa file
The database to be propagated.
-.It Xo
-.Fl -source= Ns Ar heimdal|mit-dump
-.Xc
+.It Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver
Specifies the type of the source database. Alternatives include:
.Pp
.Bl -tag -width mit-dump -compact -offset indent
@@ -112,36 +104,21 @@
.It mit-dump
a MIT Kerberos 5 dump file
.El
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
++.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab
The keytab to use for fetching the key to be used for authenticating
to the propagation daemon(s). The key
.Pa hprop/hostname
is used from this keytab. The default is to fetch the key from the
KDC database.
-.It Xo
-.Fl R Ar string ,
-.Fl -v5-realm= Ns Ar string
-.Xc
+.It Fl R Ar string , Fl -v5-realm= Ns Ar string
Local realm override.
-.It Xo
-.Fl D ,
-.Fl -decrypt
-.Xc
+.It Fl D , Fl -decrypt
The encryption keys in the database can either be in clear, or
encrypted with a master key. This option transmits the database with
unencrypted keys.
-.It Xo
-.Fl E ,
-.Fl -encrypt
-.Xc
+.It Fl E , Fl -encrypt
This option transmits the database with encrypted keys.
-.It Xo
-.Fl n ,
-.Fl -stdout
-.Xc
+.It Fl n , Fl -stdout
Dump the database on stdout, in a format that can be fed to hpropd.
.El
.Sh EXAMPLES
Index: src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8
diff -u src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8:1.1.1.2 Thu Apr 14 14:08:12 2011
+++ src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: hpropd.8,v 1.1.1.2 2011/04/14 14:08:12 elric Exp $
+.\" $NetBSD: hpropd.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -75,34 +75,17 @@
.Pp
Options supported:
.Bl -tag -width Ds
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
+.It Fl d Ar file , Fl -database= Ns Ar file
database
-.It Xo
-.Fl n ,
-.Fl -stdin
-.Xc
+.It Fl n , Fl -stdin
read from stdin
-.It Xo
-.Fl -print
-.Xc
+.It Fl -print
print dump to stdout
-.It Xo
-.Fl i ,
-.Fl -no-inetd
-.Xc
+.It Fl i , Fl -no-inetd
not started from inetd
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
+.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab
keytab to use for authentication
-.It Xo
-.Fl 4 ,
-.Fl -v4dump
-.Xc
+.It Fl 4 , Fl -v4dump
create v4 type DB
.El
.Sh SEE ALSO
Index: src/crypto/external/bsd/heimdal/dist/kdc/kdc.8
diff -u src/crypto/external/bsd/heimdal/dist/kdc/kdc.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/kdc.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kdc/kdc.8:1.1.1.2 Thu Apr 14 14:08:12 2011
+++ src/crypto/external/bsd/heimdal/dist/kdc/kdc.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kdc.8,v 1.1.1.2 2011/04/14 14:08:12 elric Exp $
+.\" $NetBSD: kdc.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -74,17 +74,11 @@
.Pp
Options supported:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
Specifies the location of the config file, the default is
.Pa /var/heimdal/kdc.conf .
This is the only value that can't be specified in the config file.
-.It Xo
-.Fl p ,
-.Fl -no-require-preauth
-.Xc
+.It Fl p , Fl -no-require-preauth
Turn off the requirement for pre-autentication in the initial AS-REQ
for all principals.
The use of pre-authentication makes it more difficult to do offline
@@ -97,34 +91,20 @@
The default is to require pre-authentication.
Adding the require-preauth per principal is a more flexible way of
handling this.
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
+.It Fl -max-request= Ns Ar size
Gives an upper limit on the size of the requests that the kdc is
willing to handle.
-.It Xo
-.Fl H ,
-.Fl -enable-http
-.Xc
+.It Fl H , Fl -enable-http
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
-.It Xo
-.Fl -no-524
-.Xc
+.It Fl -no-524
don't respond to 524 requests
-.It Xo
-.Fl -kerberos4
-.Xc
+.It Fl -kerberos4
respond to Kerberos 4 requests
-.It Xo
-.Fl -kerberos4-cross-realm
-.Xc
+.It Fl -kerberos4-cross-realm
respond to Kerberos 4 requests from foreign realms.
This is a known security hole and should not be enabled unless you
understand the consequences and are willing to live with them.
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -v4-realm= Ns Ar string
What realm this server should act as when dealing with version 4
requests.
The database can contain any number of realms, but since the version 4
@@ -134,15 +114,9 @@
.Fn krb_get_lrealm .
This option is only availabe if the KDC has been compiled with version
4 support.
-.It Xo
-.Fl K ,
-.Fl -kaserver
-.Xc
+.It Fl K , Fl -kaserver
Enable kaserver emulation (in case it's compiled in).
-.It Xo
-.Fl P Ar portspec ,
-.Fl -ports= Ns Ar portspec
-.Xc
+.It Fl P Ar portspec , Fl -ports= Ns Ar portspec
Specifies the set of ports the KDC should listen on.
It is given as a
white-space separated list of services or port numbers.
@@ -200,11 +174,8 @@
.It Li max-kdc-datagram-reply-length = Va number
Maximum packet size the UDP rely that the KDC will transmit, instead
the KDC sends back a reply telling the client to use TCP instead.
-.It Li transited-policy = Xo
-.Li always-check \*(Ba
-.Li allow-per-principal |
-.Li always-honour-request
-.Xc
+.It Li transited-policy = Li always-check \*(Ba \
+Li allow-per-principal | Li always-honour-request
This controls how KDC requests with the
.Li disable-transited-check
flag are handled. It can be one of:
Index: src/crypto/external/bsd/heimdal/dist/kdc/kstash.8
diff -u src/crypto/external/bsd/heimdal/dist/kdc/kstash.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/kstash.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kdc/kstash.8:1.1.1.2 Thu Apr 14 14:08:17 2011
+++ src/crypto/external/bsd/heimdal/dist/kdc/kstash.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kstash.8,v 1.1.1.2 2011/04/14 14:08:17 elric Exp $
+.\" $NetBSD: kstash.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -64,28 +64,16 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl e Ar string ,
-.Fl -enctype= Ns Ar string
-.Xc
+.It Fl e Ar string , Fl -enctype= Ns Ar string
the encryption type to use, defaults to DES3-CBC-SHA1.
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
+.It Fl k Ar file , Fl -key-file= Ns Ar file
the name of the master key file.
-.It Xo
-.Fl -convert-file
-.Xc
+.It Fl -convert-file
don't ask for a new master key, just read an old master key file, and
write it back in the new keyfile format.
-.It Xo
-.Fl -random-key
-.Xc
+.It Fl -random-key
generate a random master key.
-.It Xo
-.Fl -master-key-fd= Ns Ar fd
-.Xc
+.It Fl -master-key-fd= Ns Ar fd
filedescriptor to read passphrase from, if not specified the
passphrase will be read from the terminal.
.El
Index: src/crypto/external/bsd/heimdal/dist/kdc/string2key.8
diff -u src/crypto/external/bsd/heimdal/dist/kdc/string2key.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/string2key.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kdc/string2key.8:1.1.1.2 Thu Apr 14 14:08:18 2011
+++ src/crypto/external/bsd/heimdal/dist/kdc/string2key.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: string2key.8,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $
+.\" $NetBSD: string2key.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -67,46 +67,21 @@
This is useful when you want to handle the raw key instead of the password.
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl 5 ,
-.Fl -version5
-.Xc
+.It Fl 5 , Fl -version5
Output Kerberos v5 string-to-key
-.It Xo
-.Fl 4 ,
-.Fl -version4
-.Xc
+.It Fl 4 , Fl -version4
Output Kerberos v4 string-to-key
-.It Xo
-.Fl a ,
-.Fl -afs
-.Xc
+.It Fl a , Fl -afs
Output AFS string-to-key
-.It Xo
-.Fl c Ar cell ,
-.Fl -cell= Ns Ar cell
-.Xc
+.It Fl c Ar cell , Fl -cell= Ns Ar cell
AFS cell to use
-.It Xo
-.Fl w Ar password ,
-.Fl -password= Ns Ar password
-.Xc
+.It Fl w Ar password , Fl -password= Ns Ar password
Password to use
-.It Xo
-.Fl p Ar principal ,
-.Fl -principal= Ns Ar principal
-.Xc
+.It Fl p Ar principal , Fl -principal= Ns Ar principal
Kerberos v5 principal to use
-.It Xo
-.Fl k Ar string ,
-.Fl -keytype= Ns Ar string
-.Xc
+.It Fl k Ar string , Fl -keytype= Ns Ar string
Keytype
-.It Xo
-.Fl -version
-.Xc
+.It Fl -version
print version
-.It Xo
-.Fl -help
-.Xc
+.It Fl -help
.El
Index: src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8
diff -u src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8:1.1.1.1 src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8:1.1.1.1 Wed Apr 13 18:14:38 2011
+++ src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kpasswdd.8,v 1.1.1.1 2011/04/13 18:14:38 elric Exp $
+.\" $NetBSD: kpasswdd.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -66,20 +66,14 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -addresses= Ns Ar address
-.Xc
+.It Fl -addresses= Ns Ar address
For each till the argument is given, add the address to what kpasswdd
should listen too.
-.It Xo
-.Fl -check-library= Ns Ar library
-.Xc
+.It Fl -check-library= Ns Ar library
If your system has support for dynamic loading of shared libraries,
you can use an external function to check password quality. This
option specifies which library to load.
-.It Xo
-.Fl -check-function= Ns Ar function
-.Xc
+.It Fl -check-function= Ns Ar function
This is the function to call in the loaded library. The function
should look like this:
.Pp
@@ -94,20 +88,11 @@
is the new password. Note that the password (in
.Fa password->data )
is not zero terminated.
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
+.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec
Keytab to get authentication key from.
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
+.It Fl r Ar realm , Fl -realm= Ns Ar realm
Default realm.
-.It Xo
-.Fl p Ar string ,
-.Fl -port= Ns Ar string
-.Xc
+.It Fl p Ar string , Fl -port= Ns Ar string
Port to listen on (default service kpasswd - 464).
.El
.Sh DIAGNOSTICS
Index: src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1
diff -u src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1:1.2
--- src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1:1.1.1.2 Thu Apr 14 14:08:18 2011
+++ src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kdestroy.1,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $
+.\" $NetBSD: kdestroy.1,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 1997, 1999, 2001, 2004, 2006 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -38,7 +38,7 @@
.Os
.Sh NAME
.Nm kdestroy
-.Nd remove one credental or destroy the current ticket file
+.Nd remove one credential or destroy the current ticket file
.Sh SYNOPSIS
.Nm
.Bk -words
Index: src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1
diff -u src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1:1.2
--- src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1:1.1.1.2 Thu Apr 14 14:08:18 2011
+++ src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kgetcred.1,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $
+.\" $NetBSD: kgetcred.1,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -63,30 +63,16 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -canonicalize
-.Xc
+.It Fl -canonicalize
requests that the KDC canonicalize the principal.
-.It Xo
-.Fl c Ar cache ,
-.Fl -cache= Ns Ar cache
-.Xc
+.It Fl c Ar cache , Fl -cache= Ns Ar cache
the credential cache to use.
-.It Xo
-.Fl e Ar enctype ,
-.Fl -enctype= Ns Ar enctype
-.Xc
+.It Fl e Ar enctype , Fl -enctype= Ns Ar enctype
encryption type to use.
-.It Xo
-.Fl -no-transit-check
-.Xc
-requests that the KDC doesn't do trasnit checking.
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
+.It Fl -no-transit-check
+requests that the KDC doesn't do transit checking.
+.It Fl -version
+.It Fl -help
.El
.Sh SEE ALSO
.Xr kinit 1 ,
Index: src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8
diff -u src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8:1.2
--- src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8:1.1.1.2 Thu Apr 14 14:08:18 2011
+++ src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kimpersonate.8,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $
+.\" $NetBSD: kimpersonate.8,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -42,28 +42,14 @@
impersonate a user when there exist a srvtab, keyfile or KeyFile
.Sh SYNOPSIS
.Nm
-.Oo Fl s Ar string \*(Ba Xo
-.Fl -server= Ns Ar string Oc
-.Xc
-.Oo Fl c Ar string \*(Ba Xo
-.Fl -client= Ns Ar string Oc
-.Xc
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string Oc
-.Xc
+.Op Fl s Ar string \*(Ba Fl -server= Ns Ar string
+.Op Fl c Ar string \*(Ba Fl -client= Ns Ar string
+.Op Fl k Ar string \*(Ba Fl -keytab= Ns Ar string
.Op Fl 5 | Fl -krb5
-.Oo Fl e Ar integer \*(Ba Xo
-.Fl -expire-time= Ns Ar integer Oc
-.Xc
-.Oo Fl a Ar string \*(Ba Xo
-.Fl -client-address= Ns Ar string Oc
-.Xc
-.Oo Fl t Ar string \*(Ba Xo
-.Fl -enc-type= Ns Ar string Oc
-.Xc
-.Oo Fl f Ar string \*(Ba Xo
-.Fl -ticket-flags= Ns Ar string Oc
-.Xc
+.Op Fl e Ar integer \*(Ba Fl -expire-time= Ns Ar integer
+.Op Fl a Ar string \*(Ba Fl -client-address= Ns Ar string
+.Op Fl t Ar string \*(Ba Fl -enc-type= Ns Ar string
+.Op Fl f Ar string \*(Ba Fl -ticket-flags= Ns Ar string
.Op Fl -verbose
.Op Fl -version
.Op Fl -help
@@ -75,57 +61,27 @@
(if compiled with support for Kerberos 4) a Kerberos 4 srvtab.
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl s Ar string Ns ,
-.Fl -server= Ns Ar string
-.Xc
+.It Fl s Ar string Ns , Fl -server= Ns Ar string
name of server principal
-.It Xo
-.Fl c Ar string Ns ,
-.Fl -client= Ns Ar string
-.Xc
+.It Fl c Ar string Ns , Fl -client= Ns Ar string
name of client principal
-.It Xo
-.Fl k Ar string Ns ,
-.Fl -keytab= Ns Ar string
-.Xc
+.It Fl k Ar string Ns , Fl -keytab= Ns Ar string
name of keytab file
-.It Xo
-.Fl 5 Ns ,
-.Fl -krb5
-.Xc
+.It Fl 5 Ns , Fl -krb5
create a Kerberos 5 ticket
-.It Xo
-.Fl e Ar integer Ns ,
-.Fl -expire-time= Ns Ar integer
-.Xc
+.It Fl e Ar integer Ns , Fl -expire-time= Ns Ar integer
lifetime of ticket in seconds
-.It Xo
-.Fl a Ar string Ns ,
-.Fl -client-address= Ns Ar string
-.Xc
+.It Fl a Ar string Ns , Fl -client-address= Ns Ar string
address of client
-.It Xo
-.Fl t Ar string Ns ,
-.Fl -enc-type= Ns Ar string
-.Xc
+.It Fl t Ar string Ns , Fl -enc-type= Ns Ar string
encryption type
-.It Xo
-.Fl f Ar string Ns ,
-.Fl -ticket-flags= Ns Ar string
-.Xc
+.It Fl f Ar string Ns , Fl -ticket-flags= Ns Ar string
ticket flags for krb5 ticket
-.It Xo
-.Fl -verbose
-.Xc
+.It Fl -verbose
Verbose output
-.It Xo
-.Fl -version
-.Xc
+.It Fl -version
Print version
-.It Xo
-.Fl -help
-.Xc
+.It Fl -help
.El
.Sh FILES
Uses
@@ -133,9 +89,9 @@
.Pa /etc/srvtab
and
.Pa /usr/afs/etc/KeyFile
-when avalible and the the
+when available and the
.Fl k
-is used with appropriate prefix.
+option is used with an appropriate prefix.
.Sh EXAMPLES
.Nm
can be used in
Index: src/crypto/external/bsd/heimdal/dist/kuser/kinit.1
diff -u src/crypto/external/bsd/heimdal/dist/kuser/kinit.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kinit.1:1.2
--- src/crypto/external/bsd/heimdal/dist/kuser/kinit.1:1.1.1.2 Thu Apr 14 14:08:19 2011
+++ src/crypto/external/bsd/heimdal/dist/kuser/kinit.1 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: kinit.1,v 1.1.1.2 2011/04/14 14:08:19 elric Exp $
+.\" $NetBSD: kinit.1,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 1998 - 2003, 2006 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -98,41 +98,23 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cachename
-.Fl -cache= Ns Ar cachename
-.Xc
+.It Fl c Ar cachename Fl -cache= Ns Ar cachename
The credentials cache to put the acquired ticket in, if other than
default.
-.It Xo
-.Fl f
-.Fl -no-forwardable
-.Xc
+.It Fl f Fl -no-forwardable
Get ticket that can be forwarded to another host, or if the negative
flags use, don't get a forwardable flag.
-.It Xo
-.Fl t Ar keytabname ,
-.Fl -keytab= Ns Ar keytabname
-.Xc
+.It Fl t Ar keytabname , Fl -keytab= Ns Ar keytabname
Don't ask for a password, but instead get the key from the specified
keytab.
-.It Xo
-.Fl l Ar time ,
-.Fl -lifetime= Ns Ar time
-.Xc
+.It Fl l Ar time , Fl -lifetime= Ns Ar time
Specifies the lifetime of the ticket.
The argument can either be in seconds, or a more human readable string
like
.Sq 1h .
-.It Xo
-.Fl p ,
-.Fl -proxiable
-.Xc
+.It Fl p , Fl -proxiable
Request tickets with the proxiable flag set.
-.It Xo
-.Fl R ,
-.Fl -renew
-.Xc
+.It Fl R , Fl -renew
Try to renew ticket.
The ticket must have the
.Sq renewable
@@ -141,46 +123,26 @@
The same as
.Fl -renewable-life ,
with an infinite time.
-.It Xo
-.Fl r Ar time ,
-.Fl -renewable-life= Ns Ar time
-.Xc
+.It Fl r Ar time , Fl -renewable-life= Ns Ar time
The max renewable ticket life.
-.It Xo
-.Fl S Ar principal ,
-.Fl -server= Ns Ar principal
-.Xc
+.It Fl S Ar principal , Fl -server= Ns Ar principal
Get a ticket for a service other than krbtgt/LOCAL.REALM.
-.It Xo
-.Fl s Ar time ,
-.Fl -start-time= Ns Ar time
-.Xc
+.It Fl s Ar time , Fl -start-time= Ns Ar time
Obtain a ticket that starts to be valid
.Ar time
(which can really be a generic time specification, like
.Sq 1h )
seconds into the future.
-.It Xo
-.Fl k ,
-.Fl -use-keytab
-.Xc
+.It Fl k , Fl -use-keytab
The same as
.Fl -keytab ,
but with the default keytab name (normally
.Ar FILE:/etc/krb5.keytab ) .
-.It Xo
-.Fl v ,
-.Fl -validate
-.Xc
+.It Fl v , Fl -validate
Try to validate an invalid ticket.
-.It Xo
-.Fl e ,
-.Fl -enctypes= Ns Ar enctypes
-.Xc
+.It Fl e , Fl -enctypes= Ns Ar enctypes
Request tickets with this particular enctype.
-.It Xo
-.Fl -password-file= Ns Ar filename
-.Xc
+.It Fl -password-file= Ns Ar filename
read the password from the first line of
.Ar filename .
If the
@@ -188,15 +150,10 @@
is
.Ar STDIN ,
the password will be read from the standard input.
-.It Xo
-.Fl -fcache-version= Ns Ar version-number
-.Xc
+.It Fl -fcache-version= Ns Ar version-number
Create a credentials cache of version
.Ar version-number .
-.It Xo
-.Fl a ,
-.Fl -extra-addresses= Ns Ar enctypes
-.Xc
+.It Fl a , Fl -extra-addresses= Ns Ar enctypes
Adds a set of addresses that will, in addition to the systems local
addresses, be put in the ticket.
This can be useful if all addresses a client can use can't be
@@ -206,20 +163,13 @@
.Li libdefaults/extra_addresses
in
.Xr krb5.conf 5 .
-.It Xo
-.Fl A ,
-.Fl -no-addresses
-.Xc
+.It Fl A , Fl -no-addresses
Request a ticket with no addresses.
-.It Xo
-.Fl -anonymous
-.Xc
+.It Fl -anonymous
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically
.Dq anonymous@REALM ) .
-.It Xo
-.Fl -enterprise
-.Xc
+.It Fl -enterprise
Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise
names are email like principals that are stored in the name part of
the principal, and since there are two @ characters the parser needs
Index: src/crypto/external/bsd/heimdal/dist/kuser/klist.1
diff -u src/crypto/external/bsd/heimdal/dist/kuser/klist.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/klist.1:1.2
--- src/crypto/external/bsd/heimdal/dist/kuser/klist.1:1.1.1.2 Thu Apr 14 14:08:19 2011
+++ src/crypto/external/bsd/heimdal/dist/kuser/klist.1 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: klist.1,v 1.1.1.2 2011/04/14 14:08:19 elric Exp $
+.\" $NetBSD: klist.1,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2000 - 2005 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -62,27 +62,14 @@
.Pp
Options supported:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cache ,
-.Fl -cache= Ns Ar cache
-.Xc
+.It Fl c Ar cache , Fl -cache= Ns Ar cache
credential cache to list
-.It Xo
-.Fl s ,
-.Fl t ,
-.Fl -test
-.Xc
+.It Fl s , Fl t , Fl -test
Test for there being an active and valid TGT for the local realm of
the user in the credential cache.
-.It Xo
-.Fl T ,
-.Fl -tokens
-.Xc
+.It Fl T , Fl -tokens
display AFS tokens
-.It Xo
-.Fl 5 ,
-.Fl -v5
-.Xc
+.It Fl 5 , Fl -v5
display v5 cred cache (this is the default)
.It Fl f
Include ticket flags in short form, each character stands for a
@@ -115,10 +102,7 @@
This information is also output with the
.Fl -verbose
option, but in a more verbose way.
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
+.It Fl v , Fl -verbose
Verbose output. Include all possible information:
.Bl -tag -width XXXX -offset indent
.It Server
@@ -143,10 +127,7 @@
.It Addresses
the set of addresses from which this ticket is valid
.El
-.It Xo
-.Fl l ,
-.Fl -list-caches
-.Xc
+.It Fl l , Fl -list-caches
List the credential caches for the current users, not all cache types
supports listing multiple caches.
.Pp
Index: src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3
diff -u src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3:1.2
--- src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3:1.1.1.2 Thu Apr 14 14:08:24 2011
+++ src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3 Thu Apr 14 19:19:19 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: gssapi.3,v 1.1.1.2 2011/04/14 14:08:24 elric Exp $
+.\" $NetBSD: gssapi.3,v 1.2 2011/04/14 19:19:19 elric Exp $
.\"
.\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -55,57 +55,52 @@
.Em libgssapi .
Declarations for these functions may be obtained from the include file
.Pa gssapi/gssapi.h .
-.sp 2
-.nf
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u
-\fIName/Page\fP \fIDescription\fP
-.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC
-.sp 5p
-gss_accept_sec_context.3
-gss_acquire_cred.3
-gss_add_cred.3
-gss_add_oid_set_member.3
-gss_canonicalize_name.3
-gss_compare_name.3
-gss_context_time.3
-gss_create_empty_oid_set.3
-gss_delete_sec_context.3
-gss_display_name.3
-gss_display_status.3
-gss_duplicate_name.3
-gss_export_name.3
-gss_export_sec_context.3
-gss_get_mic.3
-gss_import_name.3
-gss_import_sec_context.3
-gss_indicate_mechs.3
-gss_init_sec_context.3
-gss_inquire_context.3
-gss_inquire_cred.3
-gss_inquire_cred_by_mech.3
-gss_inquire_mechs_for_name.3
-gss_inquire_names_for_mech.3
-gss_krb5_ccache_name.3
-gss_krb5_compat_des3_mic.3
-gss_krb5_copy_ccache.3
-gss_krb5_extract_authz_data_from_sec_context.3
-gss_krb5_import_ccache.3
-gss_process_context_token.3
-gss_release_buffer.3
-gss_release_cred.3
-gss_release_name.3
-gss_release_oid_set.3
-gss_seal.3
-gss_sign.3
-gss_test_oid_set_member.3
-gss_unseal.3
-gss_unwrap.3
-gss_verify.3
-gss_verify_mic.3
-gss_wrap.3
-gss_wrap_size_limit.3
-.ta
-.Fi
+.Bl -column -compact
+.It Sy Name/Page
+.It Xr gss_accept_sec_context 3
+.It Xr gss_acquire_cred 3
+.It Xr gss_add_cred 3
+.It Xr gss_add_oid_set_member 3
+.It Xr gss_canonicalize_name 3
+.It Xr gss_compare_name 3
+.It Xr gss_context_time 3
+.It Xr gss_create_empty_oid_set 3
+.It Xr gss_delete_sec_context 3
+.It Xr gss_display_name 3
+.It Xr gss_display_status 3
+.It Xr gss_duplicate_name 3
+.It Xr gss_export_name 3
+.It Xr gss_export_sec_context 3
+.It Xr gss_get_mic 3
+.It Xr gss_import_name 3
+.It Xr gss_import_sec_context 3
+.It Xr gss_indicate_mechs 3
+.It Xr gss_init_sec_context 3
+.It Xr gss_inquire_context 3
+.It Xr gss_inquire_cred 3
+.It Xr gss_inquire_cred_by_mech 3
+.It Xr gss_inquire_mechs_for_name 3
+.It Xr gss_inquire_names_for_mech 3
+.It Xr gss_krb5_ccache_name 3
+.It Xr gss_krb5_compat_des3_mic 3
+.It Xr gss_krb5_copy_ccache 3
+.It Xr gss_krb5_extract_authz_data_from_sec_context 3
+.It Xr gss_krb5_import_ccache 3
+.It Xr gss_process_context_token 3
+.It Xr gss_release_buffer 3
+.It Xr gss_release_cred 3
+.It Xr gss_release_name 3
+.It Xr gss_release_oid_set 3
+.It Xr gss_seal 3
+.It Xr gss_sign 3
+.It Xr gss_test_oid_set_member 3
+.It Xr gss_unseal 3
+.It Xr gss_unwrap 3
+.It Xr gss_verify 3
+.It Xr gss_verify_mic 3
+.It Xr gss_wrap 3
+.It Xr gss_wrap_size_limit 3
+.El
.Sh COMPATIBILITY
The
.Nm Heimdal
Index: src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8
diff -u src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8:1.2
--- src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8:1.1.1.2 Thu Apr 14 14:09:16 2011
+++ src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8 Thu Apr 14 19:19:20 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: iprop-log.8,v 1.1.1.2 2011/04/14 14:09:16 elric Exp $
+.\" $NetBSD: iprop-log.8,v 1.2 2011/04/14 19:19:20 elric Exp $
.\"
.\" Id
.\"
@@ -85,28 +85,17 @@
.Sh DESCRIPTION
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
+.It Fl -version
+.It Fl h , Fl -help
.El
.Pp
command can be one of the following:
.Bl -tag -width truncate
.It truncate
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -115,38 +104,22 @@
file, the log will start over at the first version (0).
.It dump
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
Print out all entires in the log to standard output.
.It replay
.Bl -tag -width Ds
-.It Xo
-.Fl -start-version= Ns Ar version-number
-.Xc
+.It Fl -start-version= Ns Ar version-number
start replay with this version
-.It Xo
-.Fl -end-version= Ns Ar version-number
-.Xc
+.It Fl -end-version= Ns Ar version-number
end replay with this version
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -154,15 +127,9 @@
specified) in the transaction log to the database.
.It last-version
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
Index: src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8
diff -u src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8:1.2
--- src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8:1.1.1.2 Thu Apr 14 14:09:16 2011
+++ src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8 Thu Apr 14 19:19:20 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: iprop.8,v 1.1.1.2 2011/04/14 14:09:16 elric Exp $
+.\" $NetBSD: iprop.8,v 1.2 2011/04/14 19:19:20 elric Exp $
.\"
.\" Id
.\"
@@ -40,51 +40,49 @@
.Nm iprop ,
.Nm ipropd-master ,
.Nm ipropd-slave
-.Nd
-propagate changes to a Heimdal Kerberos master KDC to slave KDCs
+.Nd propagate changes to a Heimdal Kerberos master KDC to slave KDCs
.Sh SYNOPSIS
.Nm ipropd-master
.Oo Fl c Ar string \*(Ba Xo
-.Fl -config-file= Ns Ar string
+.Fl Fl config-file= Ns Ar string
.Xc
.Oc
.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
+.Fl Fl realm= Ns Ar string
.Xc
.Oc
.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
+.Fl Fl keytab= Ns Ar kspec
.Xc
.Oc
.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Ar file
+.Fl Fl database= Ns Ar file
.Xc
.Oc
-.Op Fl -slave-stats-file= Ns Ar file
-.Op Fl -time-missing= Ns Ar time
-.Op Fl -time-gone= Ns Ar time
-.Op Fl -detach
-.Op Fl -version
-.Op Fl -help
+.Op Fl Fl slave-stats-file= Ns Ar file
+.Op Fl Fl time-missing= Ns Ar time
+.Op Fl Fl time-gone= Ns Ar time
+.Op Fl Fl detach
+.Op Fl Fl version
+.Op Fl Fl help
.Nm ipropd-slave
.Oo Fl c Ar string \*(Ba Xo
-.Fl -config-file= Ns Ar string
+.Fl Fl config-file= Ns Ar string
.Xc
.Oc
.Oo Fl r Ar string \*(Ba Xo
-.Fl -realm= Ns Ar string
+.Fl Fl realm= Ns Ar string
.Xc
.Oc
.Oo Fl k Ar kspec \*(Ba Xo
-.Fl -keytab= Ns Ar kspec
+.Fl Fl keytab= Ns Ar kspec
.Xc
.Oc
-.Op Fl -time-lost= Ns Ar time
-.Op Fl -detach
-.Op Fl -version
-.Op Fl -help
+.Op Fl Fl time-lost= Ns Ar time
+.Op Fl Fl detach
+.Op Fl Fl version
+.Op Fl Fl help
.Ar master
-.Pp
.Sh DESCRIPTION
.Nm ipropd-master
is used to propagate changes to a Heimdal Kerberos database from the
@@ -98,9 +96,9 @@
.Pa /var/heimdal/slaves .
This has principals one per-line of the form
.Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM
-where
-.Ar slave
-is the hostname of the slave server in the given
+where
+.Ar slave
+is the hostname of the slave server in the given
.Ar REALM ,
e.g.\&
.Dl iprop/kerberos-1.example....@example.com
@@ -112,20 +110,23 @@
.Xr hprop 8 ,
which sends the whole database to the slaves regularly,
.Nm
-normally sends only the changes as they happen on the master. The
-master keeps track of all the changes by assigning a version number to
-every change to the database. The slaves know which was the latest
-version they saw, and in this way it can be determined if they are in
-sync or not. A log of all the changes is kept on the master. When a
-slave is at an older version than the oldest one in the log, the whole
-database has to be sent.
+normally sends only the changes as they happen on the master.
+The master keeps track of all the changes by assigning a version
+number to every change to the database.
+The slaves know which was the latest version they saw, and in this
+way it can be determined if they are in sync or not.
+A log of all the changes is kept on the master.
+When a slave is at an older version than the oldest one in the log,
+the whole database has to be sent.
.Pp
The changes are propagated over a secure channel (on port 2121 by
-default). This should normally be defined as
+default).
+This should normally be defined as
.Dq iprop/tcp
in
.Pa /etc/services
-or another source of the services database. The master and slaves
+or another source of the services database.
+The master and slaves
must each have access to a keytab with keys for the
.Nm iprop
service principal on the local host.
@@ -138,78 +139,37 @@
Supported options for
.Nm ipropd-master :
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
+.It Fl c Ar string , Fl Fl config-file= Ns Ar string
+.It Fl r Ar string , Fl Fl realm= Ns Ar string
+.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
keytab to get authentication from
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
+.It Fl d Ar file , Fl Fl database= Ns Ar file
Database (default per KDC)
-.It Xo
-.Fl -slave-stats-file= Ns Ar file
-.Xc
+.It Fl Fl slave-stats-file= Ns Ar file
file for slave status information
-.It Xo
-.Fl -time-missing= Ns Ar time
-.Xc
+.It Fl Fl time-missing= Ns Ar time
time before slave is polled for presence (default 2 min)
-.It Xo
-.Fl -time-gone= Ns Ar time
-.Xc
+.It Fl Fl time-gone= Ns Ar time
time of inactivity after which a slave is considered gone (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
+.It Fl Fl detach
detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
+.It Fl Fl version
+.It Fl Fl help
.El
.Pp
Supported options for
.Nm ipropd-slave :
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
+.It Fl c Ar string , Fl Fl config-file= Ns Ar string
+.It Fl r Ar string , Fl Fl realm= Ns Ar string
+.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
keytab to get authentication from
-.It Xo
-.Fl -time-lost= Ns Ar time
-.Xc
+.It Fl Fl time-lost= Ns Ar time
time before server is considered lost (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
+.It Fl Fl detach
detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
+.It Fl Fl version
+.It Fl Fl help
.El
Time arguments for the relevant options above may be specified in forms
like 5 min, 300 s, or simply a number of seconds.
Index: src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3
diff -u src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3:1.2
--- src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3:1.1.1.2 Thu Apr 14 14:09:23 2011
+++ src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3 Thu Apr 14 19:19:20 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: krb5_get_in_cred.3,v 1.1.1.2 2011/04/14 14:09:23 elric Exp $
+.\" $NetBSD: krb5_get_in_cred.3,v 1.2 2011/04/14 19:19:20 elric Exp $
.\"
.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -171,7 +171,7 @@
.Nm krb5_get_in_tkt_with_password
uses the clients password to authenticate.
If the password argument is
-.DV NULL
+.Dv NULL
the user user queried with the default password query function.
.Pp
.Nm krb5_get_in_tkt_with_keytab
Index: src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3
diff -u src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3:1.2
--- src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3:1.1.1.2 Thu Apr 14 14:09:23 2011
+++ src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3 Thu Apr 14 19:19:20 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: krb5_init_context.3,v 1.1.1.2 2011/04/14 14:09:23 elric Exp $
+.\" $NetBSD: krb5_init_context.3,v 1.2 2011/04/14 19:19:20 elric Exp $
.\"
.\" Copyright (c) 2001 - 2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -221,7 +221,7 @@
to the specified
.Fa context .
The error handler must generated by the the re-rentrant version of the
-.Xr compile_et 3
+.Xr compile_et 1
program.
.Fn krb5_add_extra_addresses
add a list of addresses that should be added when requesting tickets.
