Module Name: src Committed By: elric Date: Thu Apr 14 19:19:20 UTC 2011
Modified Files: src/crypto/external/bsd/heimdal/dist/admin: ktutil.8 src/crypto/external/bsd/heimdal/dist/kadmin: kadmin.8 kadmind.8 src/crypto/external/bsd/heimdal/dist/kcm: kcm.8 src/crypto/external/bsd/heimdal/dist/kdc: hprop.8 hpropd.8 kdc.8 kstash.8 string2key.8 src/crypto/external/bsd/heimdal/dist/kpasswd: kpasswdd.8 src/crypto/external/bsd/heimdal/dist/kuser: kdestroy.1 kgetcred.1 kimpersonate.8 kinit.1 klist.1 src/crypto/external/bsd/heimdal/dist/lib/gssapi: gssapi.3 src/crypto/external/bsd/heimdal/dist/lib/kadm5: iprop-log.8 iprop.8 src/crypto/external/bsd/heimdal/dist/lib/krb5: krb5_get_in_cred.3 krb5_init_context.3 Log Message: Updates to man pages found as diffs in prior location in a batch. To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/heimdal/dist/admin/ktutil.8 cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8 \ src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8 cvs rdiff -u -r1.1.1.2 -r1.2 src/crypto/external/bsd/heimdal/dist/kcm/kcm.8 cvs rdiff -u -r1.1.1.2 -r1.2 src/crypto/external/bsd/heimdal/dist/kdc/hprop.8 \ src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8 \ src/crypto/external/bsd/heimdal/dist/kdc/kdc.8 \ src/crypto/external/bsd/heimdal/dist/kdc/kstash.8 \ src/crypto/external/bsd/heimdal/dist/kdc/string2key.8 cvs rdiff -u -r1.1.1.1 -r1.2 \ src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8 cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1 \ src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1 \ src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8 \ src/crypto/external/bsd/heimdal/dist/kuser/kinit.1 \ src/crypto/external/bsd/heimdal/dist/kuser/klist.1 cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3 cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8 \ src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8 cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/heimdal/dist/admin/ktutil.8 diff -u src/crypto/external/bsd/heimdal/dist/admin/ktutil.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/admin/ktutil.8:1.2 --- src/crypto/external/bsd/heimdal/dist/admin/ktutil.8:1.1.1.2 Thu Apr 14 14:08:06 2011 +++ src/crypto/external/bsd/heimdal/dist/admin/ktutil.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: ktutil.8,v 1.1.1.2 2011/04/14 14:08:06 elric Exp $ +.\" $NetBSD: ktutil.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -55,72 +55,43 @@ is a program for managing keytabs. Supported options: .Bl -tag -width Ds -.It Xo -.Fl v , -.Fl -verbose -.Xc +.It Fl v , Fl -verbose Verbose output. .El .Pp .Ar command can be one of the following: .Bl -tag -width srvconvert -.It add Xo -.Op Fl p Ar principal -.Op Fl -principal= Ns Ar principal -.Op Fl V Ar kvno -.Op Fl -kvno= Ns Ar kvno -.Op Fl e Ar enctype -.Op Fl -enctype= Ns Ar enctype -.Op Fl w Ar password -.Op Fl -password= Ns Ar password -.Op Fl r -.Op Fl -random -.Op Fl s -.Op Fl -no-salt -.Op Fl H -.Op Fl -hex -.Xc +.It add Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ +Oo Fl V Ar kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ +Oo Fl -enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ +Oo Fl -password= Ns Ar password Oc Oo Fl r Oc Oo Fl -random Oc \ +Oo Fl s Oc Oo Fl -no-salt Oc Oo Fl H Oc Op Fl -hex Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the .Ar get command, which talks to the kadmin server. -.It change Xo -.Op Fl r Ar realm -.Op Fl -realm= Ns Ar realm -.Op Fl -a Ar host -.Op Fl -admin-server= Ns Ar host -.Op Fl -s Ar port -.Op Fl -server-port= Ns Ar port -.Xc +.It change Oo Fl r Ar realm Oc Oo Fl -realm= Ns Ar realm Oc \ +Oo Fl -a Ar host Oc Oo Fl -admin-server= Ns Ar host Oc \ +Oo Fl -s Ar port Oc Op Fl -server-port= Ns Ar port Update one or several keys to new versions. By default, use the admin server for the realm of a keytab entry. Otherwise it will use the values specified by the options. .Pp If no principals are given, all the ones in the keytab are updated. -.It copy Xo -.Ar keytab-src -.Ar keytab-dest -.Xc +.It copy Ar keytab-src Ar keytab-dest Copies all the entries from .Ar keytab-src to .Ar keytab-dest . -.It get Xo -.Op Fl p Ar admin principal -.Op Fl -principal= Ns Ar admin principal -.Op Fl e Ar enctype -.Op Fl -enctypes= Ns Ar enctype -.Op Fl r Ar realm -.Op Fl -realm= Ns Ar realm -.Op Fl a Ar admin server -.Op Fl -admin-server= Ns Ar admin server -.Op Fl s Ar server port -.Op Fl -server-port= Ns Ar server port -.Ar principal ... -.Xc +.It get Oo Fl p Ar admin principal Oc \ +Oo Fl -principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ +Oo Fl -enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ +Oo Fl -realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ +Oo Fl -admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ +Oo Fl -server-port= Ns Ar server port Oc Ar principal ... For each .Ar principal , generate a new key for it (creating it if it doesn't already exist), @@ -130,35 +101,22 @@ .Ar realm is specified, the realm to operate on is taken from the first principal. -.It list Xo -.Op Fl -keys -.Op Fl -timestamp -.Xc +.It list Oo Fl -keys Oc Op Fl -timestamp List the keys stored in the keytab. -.It remove Xo -.Op Fl p Ar principal -.Op Fl -principal= Ns Ar principal -.Op Fl V kvno -.Op Fl -kvno= Ns Ar kvno -.Op Fl e enctype -.Op Fl -enctype= Ns Ar enctype -.Xc +.It remove Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ +Oo Fl V kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ +Oo Fl -enctype= Ns Ar enctype Oc Removes the specified key or keys. Not specifying a .Ar kvno removes keys with any version number. Not specifying an .Ar enctype removes keys of any type. -.It rename Xo -.Ar from-principal -.Ar to-principal -.Xc +.It rename Ar from-principal Ar to-principal Renames all entries in the keytab that match the .Ar from-principal to .Ar to-principal . -.It purge Xo -.Op Fl -age= Ns Ar age -.Xc +.It purge Op Fl -age= Ns Ar age Removes all old versions of a key for which there is a newer version that is at least .Ar age Index: src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8 diff -u src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8:1.1.1.2 Thu Apr 14 14:08:10 2011 +++ src/crypto/external/bsd/heimdal/dist/kadmin/kadmin.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kadmin.8,v 1.1.1.2 2011/04/14 14:08:10 elric Exp $ +.\" $NetBSD: kadmin.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -42,34 +42,13 @@ .Sh SYNOPSIS .Nm .Bk -words -.Oo Fl p Ar string \*(Ba Xo -.Fl -principal= Ns Ar string -.Xc -.Oc -.Oo Fl K Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string -.Xc -.Oc -.Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file -.Xc -.Oc -.Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file -.Xc -.Oc -.Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm -.Xc -.Oc -.Oo Fl a Ar host \*(Ba Xo -.Fl -admin-server= Ns Ar host -.Xc -.Oc -.Oo Fl s Ar port number \*(Ba Xo -.Fl -server-port= Ns Ar port number -.Xc -.Oc +.Op Fl p Ar string \*(Ba Fl -principal= Ns Ar string +.Op Fl K Ar string \*(Ba Fl -keytab= Ns Ar string +.Op Fl c Ar file \*(Ba Fl -config-file= Ns Ar file +.Op Fl k Ar file \*(Ba Fl -key-file= Ns Ar file +.Op Fl r Ar realm \*(Ba Fl -realm= Ns Ar realm +.Op Fl a Ar host \*(Ba Fl -admin-server= Ns Ar host +.Op Fl s Ar port number \*(Ba Fl -server-port= Ns Ar port number .Op Fl l | Fl -local .Op Fl h | Fl -help .Op Fl v | Fl -version @@ -86,45 +65,21 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl p Ar string , -.Fl -principal= Ns Ar string -.Xc +.It Fl p Ar string , Fl -principal= Ns Ar string principal to authenticate as -.It Xo -.Fl K Ar string , -.Fl -keytab= Ns Ar string -.Xc +.It Fl K Ar string , Fl -keytab= Ns Ar string keytab for authentication principal -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file location of config file -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl -key-file= Ns Ar file location of master key file -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl -realm= Ns Ar realm realm to use -.It Xo -.Fl a Ar host , -.Fl -admin-server= Ns Ar host -.Xc +.It Fl a Ar host , Fl -admin-server= Ns Ar host server to contact -.It Xo -.Fl s Ar port number , -.Fl -server-port= Ns Ar port number -.Xc +.It Fl s Ar port number , Fl -server-port= Ns Ar port number port to use -.It Xo -.Fl l , -.Fl -local -.Xc +.It Fl l , Fl -local local admin mode .El .Pp @@ -150,10 +105,7 @@ .Nm add .Op Fl r | Fl -random-key .Op Fl -random-password -.Oo Fl p Ar string \*(Ba Xo -.Fl -password= Ns Ar string -.Xc -.Oc +.Op Fl p Ar string \*(Ba Fl -password= Ns Ar string .Op Fl -key= Ns Ar string .Op Fl -max-ticket-life= Ns Ar lifetime .Op Fl -max-renewable-life= Ns Ar lifetime Index: src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8 diff -u src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8:1.1.1.2 Thu Apr 14 14:08:10 2011 +++ src/crypto/external/bsd/heimdal/dist/kadmin/kadmind.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kadmind.8,v 1.1.1.2 2011/04/14 14:08:10 elric Exp $ +.\" $NetBSD: kadmind.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2002 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -120,34 +120,17 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file location of config file -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl -key-file= Ns Ar file location of master key file -.It Xo -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl -keytab= Ns Ar keytab what keytab to use -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl -realm= Ns Ar realm realm to use -.It Xo -.Fl d , -.Fl -debug -.Xc +.It Fl d , Fl -debug enable debugging -.It Xo -.Fl p Ar port , -.Fl -ports= Ns Ar port -.Xc +.It Fl p Ar port , Fl -ports= Ns Ar port ports to listen to. By default, if run as a daemon, it listens to port 749, but you can add any number of ports with this option. The port string is a whitespace separated list of port specifications, with the Index: src/crypto/external/bsd/heimdal/dist/kcm/kcm.8 diff -u src/crypto/external/bsd/heimdal/dist/kcm/kcm.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kcm/kcm.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kcm/kcm.8:1.1.1.2 Thu Apr 14 14:08:10 2011 +++ src/crypto/external/bsd/heimdal/dist/kcm/kcm.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kcm.8,v 1.1.1.2 2011/04/14 14:08:10 elric Exp $ +.\" $NetBSD: kcm.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -129,91 +129,42 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -cache-name= Ns Ar cachename -.Xc +.It Fl -cache-name= Ns Ar cachename system cache name -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file location of config file -.It Xo -.Fl g Ar group , -.Fl -group= Ns Ar group -.Xc +.It Fl g Ar group , Fl -group= Ns Ar group system cache group -.It Xo -.Fl -max-request= Ns Ar size -.Xc +.It Fl -max-request= Ns Ar size max size for a kcm-request -.It Xo -.Fl -disallow-getting-krbtgt -.Xc +.It Fl -disallow-getting-krbtgt disallow extracting any krbtgt from the .Nm kcm daemon. -.It Xo -.Fl -detach -.Xc +.It Fl -detach detach from console -.It Xo -.Fl h , -.Fl -help -.Xc -.It Xo -.Fl k Ar principal , -.Fl -system-principal= Ns Ar principal -.Xc +.It Fl h , Fl -help +.It Fl k Ar principal , Fl -system-principal= Ns Ar principal system principal name -.It Xo -.Fl l Ar time , -.Fl -lifetime= Ns Ar time -.Xc +.It Fl l Ar time , Fl -lifetime= Ns Ar time lifetime of system tickets -.It Xo -.Fl m Ar mode , -.Fl -mode= Ns Ar mode -.Xc +.It Fl m Ar mode , Fl -mode= Ns Ar mode octal mode of system cache -.It Xo -.Fl n , -.Fl -no-name-constraints -.Xc +.It Fl n , Fl -no-name-constraints disable credentials cache name constraints -.It Xo -.Fl r Ar time , -.Fl -renewable-life= Ns Ar time -.Xc +.It Fl r Ar time , Fl -renewable-life= Ns Ar time renewable lifetime of system tickets -.It Xo -.Fl s Ar path , -.Fl -socket-path= Ns Ar path -.Xc +.It Fl s Ar path , Fl -socket-path= Ns Ar path path to kcm domain socket -.It Xo -.Fl -door-path= Ns Ar path -.Xc +.It Fl -door-path= Ns Ar path path to kcm door socket -.It Xo -.Fl S Ar principal , -.Fl -server= Ns Ar principal -.Xc +.It Fl S Ar principal , Fl -server= Ns Ar principal server to get system ticket for -.It Xo -.Fl t Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl t Ar keytab , Fl -keytab= Ns Ar keytab system keytab name -.It Xo -.Fl u Ar user , -.Fl -user= Ns Ar user -.Xc +.It Fl u Ar user , Fl -user= Ns Ar user system cache owner -.It Xo -.Fl v , -.Fl -version -.Xc +.It Fl v , Fl -version .El .\".Sh ENVIRONMENT .\".Sh FILES Index: src/crypto/external/bsd/heimdal/dist/kdc/hprop.8 diff -u src/crypto/external/bsd/heimdal/dist/kdc/hprop.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/hprop.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kdc/hprop.8:1.1.1.2 Thu Apr 14 14:08:12 2011 +++ src/crypto/external/bsd/heimdal/dist/kdc/hprop.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: hprop.8,v 1.1.1.2 2011/04/14 14:08:12 elric Exp $ +.\" $NetBSD: hprop.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -91,19 +91,11 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl m Ar file , -.Fl -master-key= Ns Pa file -.Xc +.It Fl m Ar file , Fl -master-key= Ns Pa file Where to find the master key to encrypt or decrypt keys with. -.It Xo -.Fl d Ar file , -.Fl -database= Ns Pa file -.Xc +.It Fl d Ar file , Fl -database= Ns Pa file The database to be propagated. -.It Xo -.Fl -source= Ns Ar heimdal|mit-dump -.Xc +.It Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver Specifies the type of the source database. Alternatives include: .Pp .Bl -tag -width mit-dump -compact -offset indent @@ -112,36 +104,21 @@ .It mit-dump a MIT Kerberos 5 dump file .El -.It Xo -.Fl k Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc ++.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key .Pa hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database. -.It Xo -.Fl R Ar string , -.Fl -v5-realm= Ns Ar string -.Xc +.It Fl R Ar string , Fl -v5-realm= Ns Ar string Local realm override. -.It Xo -.Fl D , -.Fl -decrypt -.Xc +.It Fl D , Fl -decrypt The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys. -.It Xo -.Fl E , -.Fl -encrypt -.Xc +.It Fl E , Fl -encrypt This option transmits the database with encrypted keys. -.It Xo -.Fl n , -.Fl -stdout -.Xc +.It Fl n , Fl -stdout Dump the database on stdout, in a format that can be fed to hpropd. .El .Sh EXAMPLES Index: src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8 diff -u src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8:1.1.1.2 Thu Apr 14 14:08:12 2011 +++ src/crypto/external/bsd/heimdal/dist/kdc/hpropd.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: hpropd.8,v 1.1.1.2 2011/04/14 14:08:12 elric Exp $ +.\" $NetBSD: hpropd.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -75,34 +75,17 @@ .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl d Ar file , -.Fl -database= Ns Ar file -.Xc +.It Fl d Ar file , Fl -database= Ns Ar file database -.It Xo -.Fl n , -.Fl -stdin -.Xc +.It Fl n , Fl -stdin read from stdin -.It Xo -.Fl -print -.Xc +.It Fl -print print dump to stdout -.It Xo -.Fl i , -.Fl -no-inetd -.Xc +.It Fl i , Fl -no-inetd not started from inetd -.It Xo -.Fl k Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab keytab to use for authentication -.It Xo -.Fl 4 , -.Fl -v4dump -.Xc +.It Fl 4 , Fl -v4dump create v4 type DB .El .Sh SEE ALSO Index: src/crypto/external/bsd/heimdal/dist/kdc/kdc.8 diff -u src/crypto/external/bsd/heimdal/dist/kdc/kdc.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/kdc.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kdc/kdc.8:1.1.1.2 Thu Apr 14 14:08:12 2011 +++ src/crypto/external/bsd/heimdal/dist/kdc/kdc.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kdc.8,v 1.1.1.2 2011/04/14 14:08:12 elric Exp $ +.\" $NetBSD: kdc.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -74,17 +74,11 @@ .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file Specifies the location of the config file, the default is .Pa /var/heimdal/kdc.conf . This is the only value that can't be specified in the config file. -.It Xo -.Fl p , -.Fl -no-require-preauth -.Xc +.It Fl p , Fl -no-require-preauth Turn off the requirement for pre-autentication in the initial AS-REQ for all principals. The use of pre-authentication makes it more difficult to do offline @@ -97,34 +91,20 @@ The default is to require pre-authentication. Adding the require-preauth per principal is a more flexible way of handling this. -.It Xo -.Fl -max-request= Ns Ar size -.Xc +.It Fl -max-request= Ns Ar size Gives an upper limit on the size of the requests that the kdc is willing to handle. -.It Xo -.Fl H , -.Fl -enable-http -.Xc +.It Fl H , Fl -enable-http Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. -.It Xo -.Fl -no-524 -.Xc +.It Fl -no-524 don't respond to 524 requests -.It Xo -.Fl -kerberos4 -.Xc +.It Fl -kerberos4 respond to Kerberos 4 requests -.It Xo -.Fl -kerberos4-cross-realm -.Xc +.It Fl -kerberos4-cross-realm respond to Kerberos 4 requests from foreign realms. This is a known security hole and should not be enabled unless you understand the consequences and are willing to live with them. -.It Xo -.Fl r Ar string , -.Fl -v4-realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -v4-realm= Ns Ar string What realm this server should act as when dealing with version 4 requests. The database can contain any number of realms, but since the version 4 @@ -134,15 +114,9 @@ .Fn krb_get_lrealm . This option is only availabe if the KDC has been compiled with version 4 support. -.It Xo -.Fl K , -.Fl -kaserver -.Xc +.It Fl K , Fl -kaserver Enable kaserver emulation (in case it's compiled in). -.It Xo -.Fl P Ar portspec , -.Fl -ports= Ns Ar portspec -.Xc +.It Fl P Ar portspec , Fl -ports= Ns Ar portspec Specifies the set of ports the KDC should listen on. It is given as a white-space separated list of services or port numbers. @@ -200,11 +174,8 @@ .It Li max-kdc-datagram-reply-length = Va number Maximum packet size the UDP rely that the KDC will transmit, instead the KDC sends back a reply telling the client to use TCP instead. -.It Li transited-policy = Xo -.Li always-check \*(Ba -.Li allow-per-principal | -.Li always-honour-request -.Xc +.It Li transited-policy = Li always-check \*(Ba \ +Li allow-per-principal | Li always-honour-request This controls how KDC requests with the .Li disable-transited-check flag are handled. It can be one of: Index: src/crypto/external/bsd/heimdal/dist/kdc/kstash.8 diff -u src/crypto/external/bsd/heimdal/dist/kdc/kstash.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/kstash.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kdc/kstash.8:1.1.1.2 Thu Apr 14 14:08:17 2011 +++ src/crypto/external/bsd/heimdal/dist/kdc/kstash.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kstash.8,v 1.1.1.2 2011/04/14 14:08:17 elric Exp $ +.\" $NetBSD: kstash.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -64,28 +64,16 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl e Ar string , -.Fl -enctype= Ns Ar string -.Xc +.It Fl e Ar string , Fl -enctype= Ns Ar string the encryption type to use, defaults to DES3-CBC-SHA1. -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl -key-file= Ns Ar file the name of the master key file. -.It Xo -.Fl -convert-file -.Xc +.It Fl -convert-file don't ask for a new master key, just read an old master key file, and write it back in the new keyfile format. -.It Xo -.Fl -random-key -.Xc +.It Fl -random-key generate a random master key. -.It Xo -.Fl -master-key-fd= Ns Ar fd -.Xc +.It Fl -master-key-fd= Ns Ar fd filedescriptor to read passphrase from, if not specified the passphrase will be read from the terminal. .El Index: src/crypto/external/bsd/heimdal/dist/kdc/string2key.8 diff -u src/crypto/external/bsd/heimdal/dist/kdc/string2key.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kdc/string2key.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kdc/string2key.8:1.1.1.2 Thu Apr 14 14:08:18 2011 +++ src/crypto/external/bsd/heimdal/dist/kdc/string2key.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: string2key.8,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $ +.\" $NetBSD: string2key.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -67,46 +67,21 @@ This is useful when you want to handle the raw key instead of the password. Supported options: .Bl -tag -width Ds -.It Xo -.Fl 5 , -.Fl -version5 -.Xc +.It Fl 5 , Fl -version5 Output Kerberos v5 string-to-key -.It Xo -.Fl 4 , -.Fl -version4 -.Xc +.It Fl 4 , Fl -version4 Output Kerberos v4 string-to-key -.It Xo -.Fl a , -.Fl -afs -.Xc +.It Fl a , Fl -afs Output AFS string-to-key -.It Xo -.Fl c Ar cell , -.Fl -cell= Ns Ar cell -.Xc +.It Fl c Ar cell , Fl -cell= Ns Ar cell AFS cell to use -.It Xo -.Fl w Ar password , -.Fl -password= Ns Ar password -.Xc +.It Fl w Ar password , Fl -password= Ns Ar password Password to use -.It Xo -.Fl p Ar principal , -.Fl -principal= Ns Ar principal -.Xc +.It Fl p Ar principal , Fl -principal= Ns Ar principal Kerberos v5 principal to use -.It Xo -.Fl k Ar string , -.Fl -keytype= Ns Ar string -.Xc +.It Fl k Ar string , Fl -keytype= Ns Ar string Keytype -.It Xo -.Fl -version -.Xc +.It Fl -version print version -.It Xo -.Fl -help -.Xc +.It Fl -help .El Index: src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8 diff -u src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8:1.1.1.1 src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8:1.1.1.1 Wed Apr 13 18:14:38 2011 +++ src/crypto/external/bsd/heimdal/dist/kpasswd/kpasswdd.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kpasswdd.8,v 1.1.1.1 2011/04/13 18:14:38 elric Exp $ +.\" $NetBSD: kpasswdd.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -66,20 +66,14 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -addresses= Ns Ar address -.Xc +.It Fl -addresses= Ns Ar address For each till the argument is given, add the address to what kpasswdd should listen too. -.It Xo -.Fl -check-library= Ns Ar library -.Xc +.It Fl -check-library= Ns Ar library If your system has support for dynamic loading of shared libraries, you can use an external function to check password quality. This option specifies which library to load. -.It Xo -.Fl -check-function= Ns Ar function -.Xc +.It Fl -check-function= Ns Ar function This is the function to call in the loaded library. The function should look like this: .Pp @@ -94,20 +88,11 @@ is the new password. Note that the password (in .Fa password->data ) is not zero terminated. -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec Keytab to get authentication key from. -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl -realm= Ns Ar realm Default realm. -.It Xo -.Fl p Ar string , -.Fl -port= Ns Ar string -.Xc +.It Fl p Ar string , Fl -port= Ns Ar string Port to listen on (default service kpasswd - 464). .El .Sh DIAGNOSTICS Index: src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1 diff -u src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1:1.2 --- src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1:1.1.1.2 Thu Apr 14 14:08:18 2011 +++ src/crypto/external/bsd/heimdal/dist/kuser/kdestroy.1 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kdestroy.1,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $ +.\" $NetBSD: kdestroy.1,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 1997, 1999, 2001, 2004, 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -38,7 +38,7 @@ .Os .Sh NAME .Nm kdestroy -.Nd remove one credental or destroy the current ticket file +.Nd remove one credential or destroy the current ticket file .Sh SYNOPSIS .Nm .Bk -words Index: src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1 diff -u src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1:1.2 --- src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1:1.1.1.2 Thu Apr 14 14:08:18 2011 +++ src/crypto/external/bsd/heimdal/dist/kuser/kgetcred.1 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kgetcred.1,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $ +.\" $NetBSD: kgetcred.1,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -63,30 +63,16 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -canonicalize -.Xc +.It Fl -canonicalize requests that the KDC canonicalize the principal. -.It Xo -.Fl c Ar cache , -.Fl -cache= Ns Ar cache -.Xc +.It Fl c Ar cache , Fl -cache= Ns Ar cache the credential cache to use. -.It Xo -.Fl e Ar enctype , -.Fl -enctype= Ns Ar enctype -.Xc +.It Fl e Ar enctype , Fl -enctype= Ns Ar enctype encryption type to use. -.It Xo -.Fl -no-transit-check -.Xc -requests that the KDC doesn't do trasnit checking. -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl -no-transit-check +requests that the KDC doesn't do transit checking. +.It Fl -version +.It Fl -help .El .Sh SEE ALSO .Xr kinit 1 , Index: src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8 diff -u src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8:1.2 --- src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8:1.1.1.2 Thu Apr 14 14:08:18 2011 +++ src/crypto/external/bsd/heimdal/dist/kuser/kimpersonate.8 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kimpersonate.8,v 1.1.1.2 2011/04/14 14:08:18 elric Exp $ +.\" $NetBSD: kimpersonate.8,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -42,28 +42,14 @@ impersonate a user when there exist a srvtab, keyfile or KeyFile .Sh SYNOPSIS .Nm -.Oo Fl s Ar string \*(Ba Xo -.Fl -server= Ns Ar string Oc -.Xc -.Oo Fl c Ar string \*(Ba Xo -.Fl -client= Ns Ar string Oc -.Xc -.Oo Fl k Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string Oc -.Xc +.Op Fl s Ar string \*(Ba Fl -server= Ns Ar string +.Op Fl c Ar string \*(Ba Fl -client= Ns Ar string +.Op Fl k Ar string \*(Ba Fl -keytab= Ns Ar string .Op Fl 5 | Fl -krb5 -.Oo Fl e Ar integer \*(Ba Xo -.Fl -expire-time= Ns Ar integer Oc -.Xc -.Oo Fl a Ar string \*(Ba Xo -.Fl -client-address= Ns Ar string Oc -.Xc -.Oo Fl t Ar string \*(Ba Xo -.Fl -enc-type= Ns Ar string Oc -.Xc -.Oo Fl f Ar string \*(Ba Xo -.Fl -ticket-flags= Ns Ar string Oc -.Xc +.Op Fl e Ar integer \*(Ba Fl -expire-time= Ns Ar integer +.Op Fl a Ar string \*(Ba Fl -client-address= Ns Ar string +.Op Fl t Ar string \*(Ba Fl -enc-type= Ns Ar string +.Op Fl f Ar string \*(Ba Fl -ticket-flags= Ns Ar string .Op Fl -verbose .Op Fl -version .Op Fl -help @@ -75,57 +61,27 @@ (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options: .Bl -tag -width Ds -.It Xo -.Fl s Ar string Ns , -.Fl -server= Ns Ar string -.Xc +.It Fl s Ar string Ns , Fl -server= Ns Ar string name of server principal -.It Xo -.Fl c Ar string Ns , -.Fl -client= Ns Ar string -.Xc +.It Fl c Ar string Ns , Fl -client= Ns Ar string name of client principal -.It Xo -.Fl k Ar string Ns , -.Fl -keytab= Ns Ar string -.Xc +.It Fl k Ar string Ns , Fl -keytab= Ns Ar string name of keytab file -.It Xo -.Fl 5 Ns , -.Fl -krb5 -.Xc +.It Fl 5 Ns , Fl -krb5 create a Kerberos 5 ticket -.It Xo -.Fl e Ar integer Ns , -.Fl -expire-time= Ns Ar integer -.Xc +.It Fl e Ar integer Ns , Fl -expire-time= Ns Ar integer lifetime of ticket in seconds -.It Xo -.Fl a Ar string Ns , -.Fl -client-address= Ns Ar string -.Xc +.It Fl a Ar string Ns , Fl -client-address= Ns Ar string address of client -.It Xo -.Fl t Ar string Ns , -.Fl -enc-type= Ns Ar string -.Xc +.It Fl t Ar string Ns , Fl -enc-type= Ns Ar string encryption type -.It Xo -.Fl f Ar string Ns , -.Fl -ticket-flags= Ns Ar string -.Xc +.It Fl f Ar string Ns , Fl -ticket-flags= Ns Ar string ticket flags for krb5 ticket -.It Xo -.Fl -verbose -.Xc +.It Fl -verbose Verbose output -.It Xo -.Fl -version -.Xc +.It Fl -version Print version -.It Xo -.Fl -help -.Xc +.It Fl -help .El .Sh FILES Uses @@ -133,9 +89,9 @@ .Pa /etc/srvtab and .Pa /usr/afs/etc/KeyFile -when avalible and the the +when available and the .Fl k -is used with appropriate prefix. +option is used with an appropriate prefix. .Sh EXAMPLES .Nm can be used in Index: src/crypto/external/bsd/heimdal/dist/kuser/kinit.1 diff -u src/crypto/external/bsd/heimdal/dist/kuser/kinit.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/kinit.1:1.2 --- src/crypto/external/bsd/heimdal/dist/kuser/kinit.1:1.1.1.2 Thu Apr 14 14:08:19 2011 +++ src/crypto/external/bsd/heimdal/dist/kuser/kinit.1 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kinit.1,v 1.1.1.2 2011/04/14 14:08:19 elric Exp $ +.\" $NetBSD: kinit.1,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 1998 - 2003, 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -98,41 +98,23 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl c Ar cachename -.Fl -cache= Ns Ar cachename -.Xc +.It Fl c Ar cachename Fl -cache= Ns Ar cachename The credentials cache to put the acquired ticket in, if other than default. -.It Xo -.Fl f -.Fl -no-forwardable -.Xc +.It Fl f Fl -no-forwardable Get ticket that can be forwarded to another host, or if the negative flags use, don't get a forwardable flag. -.It Xo -.Fl t Ar keytabname , -.Fl -keytab= Ns Ar keytabname -.Xc +.It Fl t Ar keytabname , Fl -keytab= Ns Ar keytabname Don't ask for a password, but instead get the key from the specified keytab. -.It Xo -.Fl l Ar time , -.Fl -lifetime= Ns Ar time -.Xc +.It Fl l Ar time , Fl -lifetime= Ns Ar time Specifies the lifetime of the ticket. The argument can either be in seconds, or a more human readable string like .Sq 1h . -.It Xo -.Fl p , -.Fl -proxiable -.Xc +.It Fl p , Fl -proxiable Request tickets with the proxiable flag set. -.It Xo -.Fl R , -.Fl -renew -.Xc +.It Fl R , Fl -renew Try to renew ticket. The ticket must have the .Sq renewable @@ -141,46 +123,26 @@ The same as .Fl -renewable-life , with an infinite time. -.It Xo -.Fl r Ar time , -.Fl -renewable-life= Ns Ar time -.Xc +.It Fl r Ar time , Fl -renewable-life= Ns Ar time The max renewable ticket life. -.It Xo -.Fl S Ar principal , -.Fl -server= Ns Ar principal -.Xc +.It Fl S Ar principal , Fl -server= Ns Ar principal Get a ticket for a service other than krbtgt/LOCAL.REALM. -.It Xo -.Fl s Ar time , -.Fl -start-time= Ns Ar time -.Xc +.It Fl s Ar time , Fl -start-time= Ns Ar time Obtain a ticket that starts to be valid .Ar time (which can really be a generic time specification, like .Sq 1h ) seconds into the future. -.It Xo -.Fl k , -.Fl -use-keytab -.Xc +.It Fl k , Fl -use-keytab The same as .Fl -keytab , but with the default keytab name (normally .Ar FILE:/etc/krb5.keytab ) . -.It Xo -.Fl v , -.Fl -validate -.Xc +.It Fl v , Fl -validate Try to validate an invalid ticket. -.It Xo -.Fl e , -.Fl -enctypes= Ns Ar enctypes -.Xc +.It Fl e , Fl -enctypes= Ns Ar enctypes Request tickets with this particular enctype. -.It Xo -.Fl -password-file= Ns Ar filename -.Xc +.It Fl -password-file= Ns Ar filename read the password from the first line of .Ar filename . If the @@ -188,15 +150,10 @@ is .Ar STDIN , the password will be read from the standard input. -.It Xo -.Fl -fcache-version= Ns Ar version-number -.Xc +.It Fl -fcache-version= Ns Ar version-number Create a credentials cache of version .Ar version-number . -.It Xo -.Fl a , -.Fl -extra-addresses= Ns Ar enctypes -.Xc +.It Fl a , Fl -extra-addresses= Ns Ar enctypes Adds a set of addresses that will, in addition to the systems local addresses, be put in the ticket. This can be useful if all addresses a client can use can't be @@ -206,20 +163,13 @@ .Li libdefaults/extra_addresses in .Xr krb5.conf 5 . -.It Xo -.Fl A , -.Fl -no-addresses -.Xc +.It Fl A , Fl -no-addresses Request a ticket with no addresses. -.It Xo -.Fl -anonymous -.Xc +.It Fl -anonymous Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically .Dq anonymous@REALM ) . -.It Xo -.Fl -enterprise -.Xc +.It Fl -enterprise Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise names are email like principals that are stored in the name part of the principal, and since there are two @ characters the parser needs Index: src/crypto/external/bsd/heimdal/dist/kuser/klist.1 diff -u src/crypto/external/bsd/heimdal/dist/kuser/klist.1:1.1.1.2 src/crypto/external/bsd/heimdal/dist/kuser/klist.1:1.2 --- src/crypto/external/bsd/heimdal/dist/kuser/klist.1:1.1.1.2 Thu Apr 14 14:08:19 2011 +++ src/crypto/external/bsd/heimdal/dist/kuser/klist.1 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: klist.1,v 1.1.1.2 2011/04/14 14:08:19 elric Exp $ +.\" $NetBSD: klist.1,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2000 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -62,27 +62,14 @@ .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl c Ar cache , -.Fl -cache= Ns Ar cache -.Xc +.It Fl c Ar cache , Fl -cache= Ns Ar cache credential cache to list -.It Xo -.Fl s , -.Fl t , -.Fl -test -.Xc +.It Fl s , Fl t , Fl -test Test for there being an active and valid TGT for the local realm of the user in the credential cache. -.It Xo -.Fl T , -.Fl -tokens -.Xc +.It Fl T , Fl -tokens display AFS tokens -.It Xo -.Fl 5 , -.Fl -v5 -.Xc +.It Fl 5 , Fl -v5 display v5 cred cache (this is the default) .It Fl f Include ticket flags in short form, each character stands for a @@ -115,10 +102,7 @@ This information is also output with the .Fl -verbose option, but in a more verbose way. -.It Xo -.Fl v , -.Fl -verbose -.Xc +.It Fl v , Fl -verbose Verbose output. Include all possible information: .Bl -tag -width XXXX -offset indent .It Server @@ -143,10 +127,7 @@ .It Addresses the set of addresses from which this ticket is valid .El -.It Xo -.Fl l , -.Fl -list-caches -.Xc +.It Fl l , Fl -list-caches List the credential caches for the current users, not all cache types supports listing multiple caches. .Pp Index: src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3 diff -u src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3:1.2 --- src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3:1.1.1.2 Thu Apr 14 14:08:24 2011 +++ src/crypto/external/bsd/heimdal/dist/lib/gssapi/gssapi.3 Thu Apr 14 19:19:19 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: gssapi.3,v 1.1.1.2 2011/04/14 14:08:24 elric Exp $ +.\" $NetBSD: gssapi.3,v 1.2 2011/04/14 19:19:19 elric Exp $ .\" .\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -55,57 +55,52 @@ .Em libgssapi . Declarations for these functions may be obtained from the include file .Pa gssapi/gssapi.h . -.sp 2 -.nf -.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u -\fIName/Page\fP \fIDescription\fP -.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC -.sp 5p -gss_accept_sec_context.3 -gss_acquire_cred.3 -gss_add_cred.3 -gss_add_oid_set_member.3 -gss_canonicalize_name.3 -gss_compare_name.3 -gss_context_time.3 -gss_create_empty_oid_set.3 -gss_delete_sec_context.3 -gss_display_name.3 -gss_display_status.3 -gss_duplicate_name.3 -gss_export_name.3 -gss_export_sec_context.3 -gss_get_mic.3 -gss_import_name.3 -gss_import_sec_context.3 -gss_indicate_mechs.3 -gss_init_sec_context.3 -gss_inquire_context.3 -gss_inquire_cred.3 -gss_inquire_cred_by_mech.3 -gss_inquire_mechs_for_name.3 -gss_inquire_names_for_mech.3 -gss_krb5_ccache_name.3 -gss_krb5_compat_des3_mic.3 -gss_krb5_copy_ccache.3 -gss_krb5_extract_authz_data_from_sec_context.3 -gss_krb5_import_ccache.3 -gss_process_context_token.3 -gss_release_buffer.3 -gss_release_cred.3 -gss_release_name.3 -gss_release_oid_set.3 -gss_seal.3 -gss_sign.3 -gss_test_oid_set_member.3 -gss_unseal.3 -gss_unwrap.3 -gss_verify.3 -gss_verify_mic.3 -gss_wrap.3 -gss_wrap_size_limit.3 -.ta -.Fi +.Bl -column -compact +.It Sy Name/Page +.It Xr gss_accept_sec_context 3 +.It Xr gss_acquire_cred 3 +.It Xr gss_add_cred 3 +.It Xr gss_add_oid_set_member 3 +.It Xr gss_canonicalize_name 3 +.It Xr gss_compare_name 3 +.It Xr gss_context_time 3 +.It Xr gss_create_empty_oid_set 3 +.It Xr gss_delete_sec_context 3 +.It Xr gss_display_name 3 +.It Xr gss_display_status 3 +.It Xr gss_duplicate_name 3 +.It Xr gss_export_name 3 +.It Xr gss_export_sec_context 3 +.It Xr gss_get_mic 3 +.It Xr gss_import_name 3 +.It Xr gss_import_sec_context 3 +.It Xr gss_indicate_mechs 3 +.It Xr gss_init_sec_context 3 +.It Xr gss_inquire_context 3 +.It Xr gss_inquire_cred 3 +.It Xr gss_inquire_cred_by_mech 3 +.It Xr gss_inquire_mechs_for_name 3 +.It Xr gss_inquire_names_for_mech 3 +.It Xr gss_krb5_ccache_name 3 +.It Xr gss_krb5_compat_des3_mic 3 +.It Xr gss_krb5_copy_ccache 3 +.It Xr gss_krb5_extract_authz_data_from_sec_context 3 +.It Xr gss_krb5_import_ccache 3 +.It Xr gss_process_context_token 3 +.It Xr gss_release_buffer 3 +.It Xr gss_release_cred 3 +.It Xr gss_release_name 3 +.It Xr gss_release_oid_set 3 +.It Xr gss_seal 3 +.It Xr gss_sign 3 +.It Xr gss_test_oid_set_member 3 +.It Xr gss_unseal 3 +.It Xr gss_unwrap 3 +.It Xr gss_verify 3 +.It Xr gss_verify_mic 3 +.It Xr gss_wrap 3 +.It Xr gss_wrap_size_limit 3 +.El .Sh COMPATIBILITY The .Nm Heimdal Index: src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8 diff -u src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8:1.2 --- src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8:1.1.1.2 Thu Apr 14 14:09:16 2011 +++ src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop-log.8 Thu Apr 14 19:19:20 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: iprop-log.8,v 1.1.1.2 2011/04/14 14:09:16 elric Exp $ +.\" $NetBSD: iprop-log.8,v 1.2 2011/04/14 19:19:20 elric Exp $ .\" .\" Id .\" @@ -85,28 +85,17 @@ .Sh DESCRIPTION Supported options: .Bl -tag -width Ds -.It Xo -.Fl -version -.Xc -.It Xo -.Fl h , -.Fl -help -.Xc +.It Fl -version +.It Fl h , Fl -help .El .Pp command can be one of the following: .Bl -tag -width truncate .It truncate .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp @@ -115,38 +104,22 @@ file, the log will start over at the first version (0). .It dump .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp Print out all entires in the log to standard output. .It replay .Bl -tag -width Ds -.It Xo -.Fl -start-version= Ns Ar version-number -.Xc +.It Fl -start-version= Ns Ar version-number start replay with this version -.It Xo -.Fl -end-version= Ns Ar version-number -.Xc +.It Fl -end-version= Ns Ar version-number end replay with this version -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp @@ -154,15 +127,9 @@ specified) in the transaction log to the database. .It last-version .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp Index: src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8 diff -u src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8:1.2 --- src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8:1.1.1.2 Thu Apr 14 14:09:16 2011 +++ src/crypto/external/bsd/heimdal/dist/lib/kadm5/iprop.8 Thu Apr 14 19:19:20 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: iprop.8,v 1.1.1.2 2011/04/14 14:09:16 elric Exp $ +.\" $NetBSD: iprop.8,v 1.2 2011/04/14 19:19:20 elric Exp $ .\" .\" Id .\" @@ -40,51 +40,49 @@ .Nm iprop , .Nm ipropd-master , .Nm ipropd-slave -.Nd -propagate changes to a Heimdal Kerberos master KDC to slave KDCs +.Nd propagate changes to a Heimdal Kerberos master KDC to slave KDCs .Sh SYNOPSIS .Nm ipropd-master .Oo Fl c Ar string \*(Ba Xo -.Fl -config-file= Ns Ar string +.Fl Fl config-file= Ns Ar string .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Ar file +.Fl Fl database= Ns Ar file .Xc .Oc -.Op Fl -slave-stats-file= Ns Ar file -.Op Fl -time-missing= Ns Ar time -.Op Fl -time-gone= Ns Ar time -.Op Fl -detach -.Op Fl -version -.Op Fl -help +.Op Fl Fl slave-stats-file= Ns Ar file +.Op Fl Fl time-missing= Ns Ar time +.Op Fl Fl time-gone= Ns Ar time +.Op Fl Fl detach +.Op Fl Fl version +.Op Fl Fl help .Nm ipropd-slave .Oo Fl c Ar string \*(Ba Xo -.Fl -config-file= Ns Ar string +.Fl Fl config-file= Ns Ar string .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc -.Op Fl -time-lost= Ns Ar time -.Op Fl -detach -.Op Fl -version -.Op Fl -help +.Op Fl Fl time-lost= Ns Ar time +.Op Fl Fl detach +.Op Fl Fl version +.Op Fl Fl help .Ar master -.Pp .Sh DESCRIPTION .Nm ipropd-master is used to propagate changes to a Heimdal Kerberos database from the @@ -98,9 +96,9 @@ .Pa /var/heimdal/slaves . This has principals one per-line of the form .Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM -where -.Ar slave -is the hostname of the slave server in the given +where +.Ar slave +is the hostname of the slave server in the given .Ar REALM , e.g.\& .Dl iprop/kerberos-1.example....@example.com @@ -112,20 +110,23 @@ .Xr hprop 8 , which sends the whole database to the slaves regularly, .Nm -normally sends only the changes as they happen on the master. The -master keeps track of all the changes by assigning a version number to -every change to the database. The slaves know which was the latest -version they saw, and in this way it can be determined if they are in -sync or not. A log of all the changes is kept on the master. When a -slave is at an older version than the oldest one in the log, the whole -database has to be sent. +normally sends only the changes as they happen on the master. +The master keeps track of all the changes by assigning a version +number to every change to the database. +The slaves know which was the latest version they saw, and in this +way it can be determined if they are in sync or not. +A log of all the changes is kept on the master. +When a slave is at an older version than the oldest one in the log, +the whole database has to be sent. .Pp The changes are propagated over a secure channel (on port 2121 by -default). This should normally be defined as +default). +This should normally be defined as .Dq iprop/tcp in .Pa /etc/services -or another source of the services database. The master and slaves +or another source of the services database. +The master and slaves must each have access to a keytab with keys for the .Nm iprop service principal on the local host. @@ -138,78 +139,37 @@ Supported options for .Nm ipropd-master : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl Fl config-file= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl d Ar file , -.Fl -database= Ns Ar file -.Xc +.It Fl d Ar file , Fl Fl database= Ns Ar file Database (default per KDC) -.It Xo -.Fl -slave-stats-file= Ns Ar file -.Xc +.It Fl Fl slave-stats-file= Ns Ar file file for slave status information -.It Xo -.Fl -time-missing= Ns Ar time -.Xc +.It Fl Fl time-missing= Ns Ar time time before slave is polled for presence (default 2 min) -.It Xo -.Fl -time-gone= Ns Ar time -.Xc +.It Fl Fl time-gone= Ns Ar time time of inactivity after which a slave is considered gone (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl Fl detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl Fl version +.It Fl Fl help .El .Pp Supported options for .Nm ipropd-slave : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl Fl config-file= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl -time-lost= Ns Ar time -.Xc +.It Fl Fl time-lost= Ns Ar time time before server is considered lost (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl Fl detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl Fl version +.It Fl Fl help .El Time arguments for the relevant options above may be specified in forms like 5 min, 300 s, or simply a number of seconds. Index: src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3 diff -u src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3:1.2 --- src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3:1.1.1.2 Thu Apr 14 14:09:23 2011 +++ src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_get_in_cred.3 Thu Apr 14 19:19:20 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: krb5_get_in_cred.3,v 1.1.1.2 2011/04/14 14:09:23 elric Exp $ +.\" $NetBSD: krb5_get_in_cred.3,v 1.2 2011/04/14 19:19:20 elric Exp $ .\" .\" Copyright (c) 2003 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -171,7 +171,7 @@ .Nm krb5_get_in_tkt_with_password uses the clients password to authenticate. If the password argument is -.DV NULL +.Dv NULL the user user queried with the default password query function. .Pp .Nm krb5_get_in_tkt_with_keytab Index: src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3 diff -u src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3:1.1.1.2 src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3:1.2 --- src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3:1.1.1.2 Thu Apr 14 14:09:23 2011 +++ src/crypto/external/bsd/heimdal/dist/lib/krb5/krb5_init_context.3 Thu Apr 14 19:19:20 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: krb5_init_context.3,v 1.1.1.2 2011/04/14 14:09:23 elric Exp $ +.\" $NetBSD: krb5_init_context.3,v 1.2 2011/04/14 19:19:20 elric Exp $ .\" .\" Copyright (c) 2001 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -221,7 +221,7 @@ to the specified .Fa context . The error handler must generated by the the re-rentrant version of the -.Xr compile_et 3 +.Xr compile_et 1 program. .Fn krb5_add_extra_addresses add a list of addresses that should be added when requesting tickets.