Diffstat (limited to 'crypto/heimdal/kdc/kdc.8')
-rw-r--r-- crypto/heimdal/kdc/kdc.8 | 151
1 files changed, 61 insertions, 90 deletions
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8
index 331682f1cd6b..4a69bda06790 100644
--- a/crypto/heimdal/kdc/kdc.8
+++ b/crypto/heimdal/kdc/kdc.8
@@ -1,35 +1,35 @@
-.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
+.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
.\"
-.\" $Id: kdc.8 18419 2006-10-12 10:05:57Z lha $
+.\" $Id$
.\"
.Dd August 24, 2006
.Dt KDC 8
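Review bot: The `$Id: kdc.8 18419 2006-10-12 10:05:57Z lha $` line is replaced by an unexpanded `$Id$`, so the page no longer records which upstream revision it corresponds to, and `.Dd August 24, 2006` is left unchanged even though later hunks alter documented option names. Either keep a revision marker that identifies the imported version or bump `.Dd` so readers can tell this text differs from the 2006 page. The license comment lines above appear to change only in whitespace; it would be cleaner to say so in the commit message so reviewers do not have to compare them line by line.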
@@ -41,27 +41,27 @@
.Nm
.Bk -words
.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
+.Fl Fl config-file= Ns Ar file
.Xc
.Oc
-.Op Fl p | Fl -no-require-preauth
-.Op Fl -max-request= Ns Ar size
-.Op Fl H | Fl -enable-http
-.Op Fl -no-524
-.Op Fl -kerberos4
-.Op Fl -kerberos4-cross-realm
+.Op Fl p | Fl Fl no-require-preauth
+.Op Fl Fl max-request= Ns Ar size
+.Op Fl H | Fl Fl enable-http
+.Op Fl Fl no-524
+.Op Fl Fl kerberos4
+.Op Fl Fl kerberos4-cross-realm
.Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string
+.Fl Fl v4-realm= Ns Ar string
.Xc
.Oc
-.Op Fl K | Fl -kaserver
+.Op Fl K | Fl Fl kaserver
.Oo Fl P Ar portspec \*(Ba Xo
-.Fl -ports= Ns Ar portspec
+.Fl Fl ports= Ns Ar portspec
.Xc
.Oc
-.Op Fl -detach
-.Op Fl -disable-DES
-.Op Fl -addresses= Ns Ar list of addresses
+.Op Fl Fl detach
+.Op Fl Fl disable-des
+.Op Fl Fl addresses= Ns Ar list of addresses
.Ek
.Sh DESCRIPTION
.Nm
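Review bot: The synopsis entry `.Op Fl Fl disable-des` changes the documented spelling from `--disable-DES`, which is a user-visible rename and not macro cleanup like the other `.Fl -x` to `.Fl Fl x` conversions in this hunk. Confirm that the kdc option parser accepts the lowercase form and call the rename out in the commit message, because an administrator who uses this flag to keep DES off needs to know which spelling the binary recognises.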
@@ -72,17 +72,11 @@ or from a default compiled-in value.
.Pp
Options supported:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl Fl config-file= Ns Ar file
Specifies the location of the config file, the default is
.Pa /var/heimdal/kdc.conf .
This is the only value that can't be specified in the config file.
-.It Xo
-.Fl p ,
-.Fl -no-require-preauth
-.Xc
+.It Fl p , Fl Fl no-require-preauth
Turn off the requirement for pre-autentication in the initial AS-REQ
for all principals.
The use of pre-authentication makes it more difficult to do offline
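Review bot: The description under `.It Fl p , Fl Fl no-require-preauth` still reads "pre-autentication" on the unchanged line that follows the new `.It`. This patch already corrects "availabe" further down, so the spelling here (and "pre-athentication", visible in the next hunk header) should be fixed in the same pass; this is the paragraph that explains what is lost when pre-authentication is turned off for all principals, so it is worth having it read cleanly.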
@@ -95,34 +89,20 @@ pre-athentication.
The default is to require pre-authentication.
Adding the require-preauth per principal is a more flexible way of
handling this.
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
+.It Fl Fl max-request= Ns Ar size
Gives an upper limit on the size of the requests that the kdc is
willing to handle.
-.It Xo
-.Fl H ,
-.Fl -enable-http
-.Xc
+.It Fl H , Fl Fl enable-http
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
-.It Xo
-.Fl -no-524
-.Xc
+.It Fl Fl no-524
don't respond to 524 requests
-.It Xo
-.Fl -kerberos4
-.Xc
+.It Fl Fl kerberos4
respond to Kerberos 4 requests
-.It Xo
-.Fl -kerberos4-cross-realm
-.Xc
+.It Fl Fl kerberos4-cross-realm
respond to Kerberos 4 requests from foreign realms.
This is a known security hole and should not be enabled unless you
understand the consequences and are willing to live with them.
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl Fl v4-realm= Ns Ar string
What realm this server should act as when dealing with version 4
requests.
The database can contain any number of realms, but since the version 4
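Review bot: The rewritten entries for `.It Fl Fl no-524`, `.It Fl Fl kerberos4` and `.It Fl Fl kerberos4-cross-realm` keep their one-line descriptions and none of them states the default. Since the text itself calls cross-realm Kerberos 4 "a known security hole", please add a sentence giving the default for each of these options so a reader can tell whether the KDC answers version 4 and 524 requests when no flag is passed. The fragments "don't respond to 524 requests" and "respond to Kerberos 4 requests" could also be capitalised and terminated with a period to match the other entries.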
@@ -130,29 +110,23 @@ protocol doesn't contain a realm for the server, it must be explicitly
specified.
The default is whatever is returned by
.Fn krb_get_lrealm .
-This option is only availabe if the KDC has been compiled with version
+This option is only available if the KDC has been compiled with version
4 support.
-.It Xo
-.Fl K ,
-.Fl -kaserver
-.Xc
+.It Fl K , Fl Fl kaserver
Enable kaserver emulation (in case it's compiled in).
-.It Xo
-.Fl P Ar portspec ,
-.Fl -ports= Ns Ar portspec
-.Xc
+.It Fl P Ar portspec , Fl Fl ports= Ns Ar portspec
Specifies the set of ports the KDC should listen on.
It is given as a
white-space separated list of services or port numbers.
-.It Fl -addresses= Ns Ar list of addresses
+.It Fl Fl addresses= Ns Ar list of addresses
The list of addresses to listen for requests on.
By default, the kdc will listen on all the locally configured
addresses.
If only a subset is desired, or the automatic detection fails, this
option might be used.
-.It Fl -detach
+.It Fl Fl detach
detach from pty and run as a daemon.
-.It Fl -disable-DES
+.It Fl Fl disable-des
disable add des encryption types, makes the kdc not use them.
.El
.Pp
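Review bot: The description under `.It Fl Fl disable-des` still says "disable add des encryption types, makes the kdc not use them.", where "add" looks like a typo (probably "all"). As the option name on that item is being touched anyway, correct the sentence so it states precisely which encryption types are disabled. The `.It Fl Fl detach` description ("detach from pty and run as a daemon.") has the same lowercase-fragment style as the rest of the list and could be capitalised at the same time.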
@@ -163,13 +137,13 @@ and
The entity used for logging is
.Nm kdc .
.Sh CONFIGURATION FILE
-The configuration file has the same syntax as
+The configuration file has the same syntax as
.Xr krb5.conf 5 ,
-but will be read before
+but will be read before
.Pa /etc/krb5.conf ,
so it may override settings found there.
Options specific to the KDC only are found in the
-.Dq [kdc]
+.Dq [kdc]
section.
All the command-line options can preferably be added in the
configuration file.
@@ -179,7 +153,7 @@ specified as:
.Dl require-preauth = no
.Pp
(in fact you can specify the option as
-.Fl -require-preauth=no ) .
+.Fl Fl require-preauth=no ) .
.Pp
And there are some configuration options which do not have
command-line equivalents:
@@ -198,11 +172,8 @@ Permit anonymous tickets with no addresses.
.It Li max-kdc-datagram-reply-length = Va number
Maximum packet size the UDP rely that the KDC will transmit, instead
the KDC sends back a reply telling the client to use TCP instead.
-.It Li transited-policy = Xo
-.Li always-check \*(Ba
-.Li allow-per-principal |
-.Li always-honour-request
-.Xc
+.It Li transited-policy = Li always-check \*(Ba \
+Li allow-per-principal | Li always-honour-request
This controls how KDC requests with the
.Li disable-transited-check
flag are handled. It can be one of:
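Review bot: The new `.It Li transited-policy = Li always-check \*(Ba \` line separates the first pair of values with `\*(Ba` and the second pair with a bare `|`, and it now depends on an escaped newline to join the two source lines where the old text used `.Xo`/`.Xc`. Use the same separator for both and check that the continuation renders as a single item tag in the formatters this tree supports. The unchanged context just above ("Maximum packet size the UDP rely that the KDC will transmit, instead the KDC sends back...") also contains "rely" for "reply" and reads as an incomplete sentence; it would be worth rewording while this entry is open.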
@@ -227,7 +198,7 @@ How long before password/principal expiration the KDC should start
sending out warning messages.
.El
.Pp
-The configuration file is only read when the
+The configuration file is only read when the
.Nm
is started.
If changes made to the configuration file are to take effect, the
@@ -252,7 +223,7 @@ addresses, the best option is probably to listen to a wildcarded TCP
socket, and make sure your clients use TCP to connect.
For instance, this will listen to IPv4 TCP port 88 only:
.Bd -literal -offset indent
-kdc --addresses=0.0.0.0 --ports="88/tcp"
+kdc --addresses=0.0.0.0 --ports="88/tcp"
.Ed
.Pp
There should be a way to specify protocol, port, and address triplets,