mdoc(ng) fixes

Submitted by:	ru

crypto/heimdal/admin/ktutil.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm ktutil
-.Nd
-manage Kerberos keytabs
+.Nd manage Kerberos keytabs
 .Sh SYNOPSIS
 .Nm
 .Oo Fl k Ar keytab \*(Ba Xo

crypto/heimdal/appl/ftp/ftpd/ftpd.8

@@ -38,8 +38,7 @@
 .Os BSD 4.2
 .Sh NAME
 .Nm ftpd
-.Nd
-Internet File Transfer Protocol server
+.Nd Internet File Transfer Protocol server
 .Sh SYNOPSIS
 .Nm ftpd
 .Op Fl a Ar authmode

crypto/heimdal/appl/ftp/ftpd/ftpusers.5

@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Pa /etc/ftpusers
-.Nd
-FTP access list file.
+.Nd FTP access list file
 .Sh DESCRIPTION
 .Pa /etc/ftpusers
 contains a list of users that should be allowed or denied FTP

crypto/heimdal/appl/kf/kf.1

@@ -8,62 +8,54 @@
 .Os Heimdal
 .Sh NAME
 .Nm kf
-.Nd
-securly forward tickets
+.Nd securly forward tickets
 .Sh SYNOPSIS
 .Nm
-.Oo Fl p Ar port \*(Ba Xo
-.Fl -port= Ns Ar port Oc
-.Xc
-.Oo Fl l Ar login \*(Ba Xo
-.Fl -login= Ns Ar login Oc
-.Xc
-.Oo Fl c Ar ccache \*(Ba Xo
-.Fl -ccache= Ns Ar ccache Oc
-.Xc
-.Op Fl F | Fl -forwardable
-.Op Fl G | Fl -no-forwardable
-.Op Fl h | Fl -help
+.Oo
+.Fl p Ar port |
+.Fl -port Ns = Ns Ar port
+.Oc
+.Oo
+.Fl l Ar login |
+.Fl -login Ns = Ns Ar login
+.Oc
+.Oo
+.Fl c Ar ccache |
+.Fl -ccache Ns = Ns Ar ccache
+.Oc
+.Op Fl F | -forwardable
+.Op Fl G | -no-forwardable
+.Op Fl h | -help
 .Op Fl -version
 .Ar host ...
 .Sh DESCRIPTION
 The
 .Nm
 program forwards tickets to a remove host through an authenticated
-and encrypted stream. Options supported are:
-.Bl -tag -width Ds
+and encrypted stream.
+Options supported are:
+.Bl -tag -width indent
 .It Xo
-.Fl p Ar port Ns ,
-.Fl -port= Ns Ar port
+.Fl p Ar port ,
+.Fl -port Ns = Ns Ar port
 .Xc
 port to connect to
 .It Xo
-.Fl l Ar login Ns ,
-.Fl -login= Ns Ar login
+.Fl l Ar login ,
+.Fl -login Ns = Ns Ar login
 .Xc
 remote login name
 .It Xo
-.Fl c Ar ccache Ns ,
-.Fl -ccache= Ns Ar ccache
+.Fl c Ar ccache ,
+.Fl -ccache Ns = Ns Ar ccache
 .Xc
 remote cred cache
-.It Xo
-.Fl F Ns ,
-.Fl -forwardable
-.Xc
+.It Fl F , -forwardable
 forward forwardable credentials
-.It Xo
-.Fl G Ns ,
-.Fl -no-forwardable
-.Xc
+.It Fl G , -no-forwardable
 do not forward forwardable credentials
-.It Xo
-.Fl h Ns ,
-.Fl -help
-.Xc
-.It Xo
-.Fl -version
-.Xc
+.It Fl h , -help
+.It Fl -version
 .El
 .Pp
 .Nm
@@ -83,9 +75,9 @@ is able to forward ticket by itself.
 .\".Sh EXAMPLES
 .\".Sh DIAGNOSTICS
 .Sh SEE ALSO
-.Xr kfd 8 ,
 .Xr kinit 1 ,
-.Xr telnet 1
+.Xr telnet 1 ,
+.Xr kfd 8
 .\".Sh STANDARDS
 .\".Sh HISTORY
 .\".Sh AUTHORS

crypto/heimdal/appl/kf/kfd.8

@@ -8,33 +8,31 @@
 .Os Heimdal
 .Sh NAME
 .Nm kfd
-.Nd
-receive forwarded tickets
+.Nd receive forwarded tickets
 .Sh SYNOPSIS
 .Nm
-.Oo Fl p Ar port \*(Ba Xo
-.Fl -port= Ns Ar port Oc
-.Xc
-.Op Fl i | Fl -inetd
-.Oo Fl R Ar regpag \*(Ba Xo
-.Fl -regpag= Ns Ar regpag Oc
-.Xc
-.Op Fl h | Fl -help
+.Oo
+.Fl p Ar port |
+.Fl -port Ns = Ns Ar port
+.Oc
+.Op Fl i | -inetd
+.Oo
+.Fl R Ar regpag |
+.Fl -regpag Ns = Ns Ar regpag
+.Oc
+.Op Fl h | -help
 .Op Fl -version
 .Sh DESCRIPTION
 This is the daemon for
-.Nm kf .
+.Xr kf 1 .
 Supported options:
-.Bl -tag -width Ds
+.Bl -tag -width indent
 .It Xo
-.Fl p Ar port Ns ,
-.Fl -port= Ns Ar port
+.Fl p Ar port ,
+.Fl -port Ns = Ns Ar port
 .Xc
 port to listen to
-.It Xo
-.Fl i Ns ,
-.Fl -inetd
-.Xc
+.It Fl i , -inetd
 not started from inetd
 .It Xo
 .Fl R Ar regpag Ns ,

crypto/heimdal/appl/push/pfrom.1

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm pfrom
-.Nd
-fetch a list of the current mail via POP
+.Nd "fetch a list of the current mail via POP"
 .Sh SYNOPSIS
 .Nm
 .Op Fl 4 | Fl -krb4

crypto/heimdal/appl/push/push.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm push
-.Nd
-fetch mail via POP
+.Nd fetch mail via POP
 .Sh SYNOPSIS
 .Nm
 .Op Fl 4 | Fl -krb4
@@ -16,9 +15,9 @@ fetch mail via POP
 .Op Fl l | -leave
 .Op Fl -from
 .Op Fl c | -count
-.Op Fl -headers= Ns Ar headers
+.Op Fl -headers Ns = Ns Ar headers
 .Oo Fl p Ar port-spec  \*(Ba Xo
-.Fl -port= Ns Ar port-spec
+.Fl -port Ns = Ns Ar port-spec
 .Xc
 .Oc
 .Ar po-box
@@ -81,12 +80,12 @@ behave like from.
 .Xc
 first print how many messages and bytes there are.
 .It Xo
-.Fl -headers= Ns Ar headers
+.Fl -headers Ns = Ns Ar headers
 .Xc
 a list of comma-separated headers that should get printed.
 .It Xo
 .Fl p Ar port-spec Ns ,
-.Fl -port= Ns Ar port-spec
+.Fl -port Ns = Ns Ar port-spec
 .Xc
 use this port instead of the default
 .Ql kpop 
@@ -119,7 +118,7 @@ $ push --from -5 havregryn
 .Ed
 .Pp
 tries to fetch 
-.Nm From: 
+.Sy From: 
 lines for current user at post office
 .Dq havregryn
 using Kerberos 5.

crypto/heimdal/appl/telnet/telnet/telnet.1

@@ -143,7 +143,6 @@ there will be no escape character.
 If Kerberos V5 authentication is being used, the
 .Fl f
 option allows the local credentials to be forwarded to the remote system.
-.ne 1i
 .It Fl k Ar realm
 If Kerberos authentication is being used, the
 .Fl k
@@ -304,12 +303,12 @@ auth command are as follows:
 .It Ic disable Ar type
 Disables the specified type of authentication.  To
 obtain a list of available types, use the
-.Ic auth disable \&?
+.Ic auth disable ?\&
 command.
 .It Ic enable Ar type
 Enables the specified type of authentication.  To
 obtain a list of available types, use the
-.Ic auth enable \&?
+.Ic auth enable ?\&
 command.
 .It Ic status
 Lists the current status of the various types of
@@ -336,18 +335,22 @@ option is not supported outside of the United States and Canada.
 .Pp
 Valid arguments for the encrypt command are as follows:
 .Bl -tag -width Ar
-.It Ic disable Ar type Ic [input|output]
+.It Ic disable Ar type Xo
+.Op Cm input | output
+.Xc
 Disables the specified type of encryption.  If you
 omit the input and output, both input and output
 are disabled.  To obtain a list of available
 types, use the
-.Ic encrypt disable \&?
+.Ic encrypt disable ?\&
 command.
-.It Ic enable Ar type Ic [input|output]
+.It Ic enable Ar type Xo
+.Op Cm input | output
+.Xc
 Enables the specified type of encryption.  If you
 omit input and output, both input and output are
 enabled.  To obtain a list of available types, use the
-.Ic encrypt enable \&?
+.Ic encrypt enable ?\&
 command.
 .It Ic input
 This is the same as the
@@ -365,18 +368,18 @@ command.
 This is the same as the
 .Ic encrypt stop output
 command.
-.It Ic start Ic [input|output]
+.It Ic start Op Cm input | output
 Attempts to start encryption.  If you omit
 .Ic input
 and
 .Ic output ,
 both input and output are enabled.  To
 obtain a list of available types, use the
-.Ic encrypt enable \&?
+.Ic encrypt enable ?\&
 command.
 .It Ic status
 Lists the current status of encryption.
-.It Ic stop Ic [input|output]
+.It Ic stop Op Cm input | output
 Stops encryption.  If you omit input and output,
 encryption is on both input and output.
 .It Ic type Ar type
@@ -407,7 +410,7 @@ variable is also exported if the
 or
 .Fl l
 options are used.
-.br
+.Pp
 Valid arguments for the
 .Ic environ
 command are:
@@ -441,7 +444,7 @@ Those marked with a
 .Cm *
 will be sent automatically,
 other variables will only be sent if explicitly requested.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic environ
 command.
@@ -512,7 +515,6 @@ option.
 This requires that the 
 .Dv LINEMODE
 option be enabled.
-.ne 1i
 .It Ic litecho Pq Ic \-litecho 
 Attempt to enable (disable) the 
 .Dv LIT_ECHO
@@ -522,17 +524,15 @@ option.
 This requires that the 
 .Dv LINEMODE
 option be enabled.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic mode
 command.
 .El
 .It Xo
 .Ic open Ar host
-.Oo Op Fl l
-.Ar user
-.Oc Ns Oo Fl
-.Ar port Oc
+.Op Fl l Ar user
+.Op Oo Fl Oc Ns Ar port
 .Xc
 Open a connection to the named host.
 If no port number
@@ -646,7 +646,6 @@ command,
 .Ic getstatus
 will send the subnegotiation to request that the server send
 its current option status.
-.ne 1i
 .It Ic ip
 Sends the
 .Dv TELNET IP
@@ -692,10 +691,10 @@ command.
 can also be either
 .Ic help
 or
-.Ic \&?
+.Ic ?\&
 to print out help information, including
 a list of known symbolic names.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic send
 command.
@@ -972,7 +971,6 @@ The initial value for the suspend character is taken to be
 the terminal's
 .Ic suspend
 character.
-.ne 1i
 .It Ic tracefile
 This is the file to which the output, caused by
 .Ic netdata
@@ -996,7 +994,7 @@ The initial value for the worderase character is taken to be
 the terminal's
 .Ic worderase
 character.
-.It Ic \&?
+.It Ic ?\&
 Displays the legal
 .Ic set
 .Pq Ic unset
@@ -1040,7 +1038,7 @@ The remote default characters are those of the remote system
 at the time when the 
 .Tn TELNET
 connection was established.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic slc
 command.
@@ -1115,7 +1113,6 @@ stream does not start automatically.  The autoencrypt
 (autodecrypt) command states that encryption of the
 output (input) stream should be enabled as soon as
 possible.
-.sp
 .Pp
 Note:  Because of export controls, the
 .Dv TELNET ENCRYPT
@@ -1273,7 +1270,6 @@ protocol processing (having to do with
 options).
 The initial value for this toggle is
 .Dv FALSE .
-.ne 1i
 .It Ic prettydump
 When the
 .Ic netdata
@@ -1327,7 +1323,7 @@ system.  If
 .Ic command
 is omitted, then an interactive
 subshell is invoked.
-.It Ic \&? Op Ar command 
+.It Ic ?\& Op Ar command 
 Get help.  With no arguments,
 .Nm telnet
 prints a help summary.

crypto/heimdal/appl/telnet/telnetd/telnetd.8

@@ -230,7 +230,6 @@ indicates that only dotted decimal addresses
 should be put into the
 .Pa utmp
 file.
-.ne 1i
 .It Fl U
 This option causes
 .Nm telnetd
@@ -351,7 +350,6 @@ Whenever a
 command is received, it is always responded
 to with a
 .Dv WILL TIMING-MARK
-.ne 1i
 .It "WILL LOGOUT"
 When a
 .Dv DO LOGOUT
@@ -448,14 +446,13 @@ the data stream.
 .El
 .Sh ENVIRONMENT
 .Sh FILES
-.Pa /etc/services
-.br
-.Pa /etc/inittab
+.Bl -tag -width /etc/services -compact
+.It Pa /etc/services
+.It Pa /etc/inittab
 (UNICOS systems only)
-.br
-.Pa /etc/iptos
+.It Pa /etc/iptos
 (if supported)
-.br
+.El
 .Sh "SEE ALSO"
 .Xr telnet 1 ,
 .Xr login 1

crypto/heimdal/kadmin/kadmin.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm kadmin
-.Nd
-Kerberos administration utility
+.Nd Kerberos administration utility
 .Sh SYNOPSIS
 .Nm
 .Oo Fl p Ar string \*(Ba Xo
@@ -101,7 +100,7 @@ will prompt for commands to process. Commands include:
 .Op Fl -pw-expiration-time= Ns Ar time
 .Ar principal...
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 creates a new principal
 .Ed
 .Pp
@@ -114,21 +113,21 @@ creates a new principal
 .Op Fl -key= Ns Ar string
 .Ar principal...
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 changes the password of an existing principal
 .Ed
 .Pp
 .Nm delete
 .Ar principal...
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 removes a principal
 .Ed
 .Pp
 .Nm del_enctype
 .Ar principal enctypes...
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 removes some enctypes from a principal, this can be useful the service
 belonging to the principal is known to not handle certain enctypes
 .Ed
@@ -139,7 +138,7 @@ belonging to the principal is known to not handle certain enctypes
 .Xc
 .Ar principal...
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 creates a keytab with the keys of the specified principals
 .Ed
 .Pp
@@ -149,7 +148,7 @@ creates a keytab with the keys of the specified principals
 .Op Fl t | Fl -terse
 .Ar expression...
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 lists the principals that match the expressions (which are shell glob
 like), long format gives more information, and terse just prints the
 names
@@ -158,7 +157,7 @@ names
 .Nm rename
 .Ar from to
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 renames a principal
 .Ed
 .Pp
@@ -173,26 +172,25 @@ renames a principal
 .Op Fl -kvno= Ns Ar number
 .Ar principal
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 modifies certain attributes of a principal
 .Ed
 .Pp
 .Nm privileges
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 lists the operations you are allowd to perform
 .Ed
 .Pp
 .Ed
-
+.Pp
 When running in local mode, the following commands can also be used.
-
 .Bd -ragged -offset indent
 .Nm dump
 .Op Fl d | Fl -decrypt
 .Op Ar dump-file
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 writes the database in
 .Dq human readable
 form to the specified file, or standard out
@@ -203,7 +201,7 @@ form to the specified file, or standard out
 .Op Fl -realm-max-renewable-life= Ns Ar string
 .Ar realm
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 initialises the Kerberos database with entries for a new realm, it's
 possible to have more than one realm served by one server
 .Ed
@@ -211,21 +209,20 @@ possible to have more than one realm served by one server
 .Nm load
 .Ar file
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 reads a previously dumped database, and re-creates that database from scratch
 .Ed
 .Pp
 .Nm merge
 .Ar file
 .Pp
-.Bd -filled -offset indent
+.Bd -ragged -offset indent
 similar to 
 .Nm list
 but just modifies the database with the entries in the dump file
 .Ed
 .Pp
 .Ed
-
 .\".Sh ENVIRONMENT
 .\".Sh FILES
 .\".Sh EXAMPLES

crypto/heimdal/kadmin/kadmind.8

@@ -3,8 +3,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm kadmind
-.Nd
-server for administrative access to kerberos database
+.Nd "server for administrative access to kerberos database"
 .Sh SYNOPSIS
 .Nm
 .Oo Fl c Ar file \*(Ba Xo
@@ -32,7 +31,7 @@ connection. The
 option causes 
 .Nm
 to accept exactly one connection, which is useful for debugging. 
-
+.Pp
 If built with krb4 support, it implements both the Heimdal Kerberos 5
 administrative protocol and the Kerberos 4 protocol. Password changes
 via the Kerberos 4 protocol are also performed by

crypto/heimdal/kdc/hprop.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm hprop
-.Nd
-propagate the KDC database
+.Nd propagate the KDC database
 .Sh SYNOPSIS
 .Nm
 .Oo Fl m Ar file \*(Ba Xo
@@ -37,8 +36,8 @@ propagate the KDC database
 .Op Fl v | Fl -verbose
 .Op Fl -version
 .Op Fl h | Fl -help
-.Ar host Ns Op :port
-...
+.Ar host Ns Op : Ns Ar port
+.Ar ...
 .Sh DESCRIPTION
 .Nm
 takes a principal database in a specified format and converts it into
@@ -112,7 +111,7 @@ This option thansmits the database with encrypted keys.
 .Xc
 Dump the database on stdout, in a format that can be fed to hpropd.
 .El
-
+.Pp
 The following options are only valid if
 .Nm hprop
 is compiled with support for Kerberos 4 (kaserver).
@@ -145,7 +144,6 @@ Deprecated, identical to
 Deprecated, identical to 
 .Sq --source=kaserver .
 .El
-
 .Sh EXAMPLES
 The following will propagate a database to another machine (which
 should run
@@ -153,12 +151,12 @@ should run
 .Bd -literal -offset indent
 $ hprop slave-1 slave-2
 .Ed
-
+.Pp
 Copy a Kerberos 4 database to a Kerberos 5 slave:
 .Bd -literal -offset indent
 $ hprop --source=krb4-db -E krb5-slave
 .Ed
-
+.Pp
 Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
 .Bd -literal -offset indent
 $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n

crypto/heimdal/kdc/hpropd.8

@@ -1,12 +1,11 @@
 .\" $Id: hpropd.8,v 1.5 2000/11/12 15:37:33 joda Exp $
 .\"
-.Dd Aug 27, 1997
+.Dd August 27, 1997
 .Dt HPROPD 8
 .Os HEIMDAL
 .Sh NAME
 .Nm hpropd
-.Nd
-receive a propagated database
+.Nd receive a propagated database
 .Sh SYNOPSIS
 .Nm
 .Oo Fl d Ar file \*(Ba Xo

crypto/heimdal/kdc/kdc.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm kdc
-.Nd
-Kerberos 5 server
+.Nd Kerberos 5 server
 .Sh SYNOPSIS
 .Nm
 .Oo Fl c Ar file \*(Ba Xo

crypto/heimdal/kdc/kstash.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm kstash
-.Nd
-store the KDC master password in a file
+.Nd "store the KDC master password in a file"
 .Sh SYNOPSIS
 .Nm
 .Oo Fl e Ar string \*(Ba Xo

crypto/heimdal/kdc/string2key.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm string2key
-.Nd
-map a password into a key
+.Nd map a password into a key
 .Sh SYNOPSIS
 .Nm
 .Op Fl 5 | Fl -version5

crypto/heimdal/kpasswd/kpasswd.1

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm kpasswd
-.Nd
-Kerberos 5 password changing program
+.Nd Kerberos 5 password changing program
 .Sh SYNOPSIS
 .Nm
 .Op Ar principal

crypto/heimdal/kpasswd/kpasswdd.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm kpasswdd
-.Nd
-Kerberos 5 password changing server
+.Nd Kerberos 5 password changing server
 .Sh SYNOPSIS
 .Nm
 .Op Fl -check-library= Ns Ar library

crypto/heimdal/kuser/kdestroy.1

@@ -1,12 +1,11 @@
 .\" $Id: kdestroy.1,v 1.2 1999/05/14 14:05:40 assar Exp $
 .\"
-.Dd Aug 27, 1997
+.Dd August 27, 1997
 .Dt KDESTROY 1
 .Os HEIMDAL
 .Sh NAME
 .Nm kdestroy
-.Nd
-destroy the current ticket file
+.Nd destroy the current ticket file
 .Sh SYNOPSIS
 .Nm
 .Op Fl c Ar cachefile

crypto/heimdal/kuser/kgetcred.1

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm kgetcred
-.Nd
-get a ticket for a particular service
+.Nd "get a ticket for a particular service"
 .Sh SYNOPSIS
 .Nm
 .Oo Fl e Ar enctype \*(Ba Xo

crypto/heimdal/kuser/kinit.1

@@ -6,8 +6,7 @@
 .Sh NAME
 .Nm kinit ,
 .Nm kauth
-.Nd
-acquire initial tickets
+.Nd acquire initial tickets
 .Sh SYNOPSIS
 .Nm kinit
 .Op Fl 4 | Fl -524init

crypto/heimdal/kuser/klist.1

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm klist
-.Nd
-list Kerberos credentials
+.Nd list Kerberos credentials
 .Sh SYNOPSIS
 .Nm
 .Oo Fl c Ar cache \*(Ba Xo
@@ -81,7 +80,7 @@ pre-authenticated
 .It H
 hardware authenticated
 .El
-
+.Pp
 This information is also output with the 
 .Fl -verbose
 option, but in a more verbose way.

crypto/heimdal/lib/krb5/kerberos.8

@@ -42,8 +42,8 @@ without giving your password.
 .Pp
 For more information on how Kerberos works, and other general Kerberos
 questions see the Kerberos FAQ at
-.Ad http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
-
+.Pa http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
+.Pp
 For setup instructions see the Heimdal Texinfo manual.
 .Sh SEE ALSO
 .Xr ftp 1

crypto/heimdal/lib/krb5/krb5.conf.5

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm /etc/krb5.conf
-.Nd
-Configuration file for Kerberos 5
+.Nd configuration file for Kerberos 5
 .Sh DESCRIPTION
 The 
 .Nm

crypto/heimdal/lib/krb5/krb5_425_conv_principal.3

@@ -7,7 +7,7 @@
 .Nm krb5_425_conv_principal ,
 .Nm krb5_425_conv_principal_ext ,
 .Nm krb5_524_conv_principal
-.Nd Converts to and from version 4 principals
+.Nd converts to and from version 4 principals
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft krb5_error_code

crypto/heimdal/lib/krb5/krb5_appdefault.3

@@ -7,27 +7,23 @@
 .Nm krb5_appdefault_boolean ,
 .Nm krb5_appdefault_string ,
 .Nm krb5_appdefault_time
-.Nd Get application configuration value
-
+.Nd get application configuration value
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
-
 .Ft void
 .Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val"
 .Ft void
 .Fn krb5_appdefault_string "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "const char *def_val" "char **ret_val"
 .Ft void
 .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
-
 .Sh DESCRIPTION
-
 These functions get application application defaults from the 
 .Dv appdefaults
 section of the
 .Xr krb5.conf 5 
 configuration file. These defaults can be specified per application,
 and/or per realm.
-
+.Pp
 These values will be looked for in 
 .Xr krb5.conf 5 ,
 in order of descending importance.
@@ -46,12 +42,11 @@ in order of descending importance.
 	}
 	option = value
 .Ed
-
+.Pp
 If the realm is omitted it will not be used for resolving values.  If
 no value can be found,
 .Fa def_val
 is returned instead.
-
 .Sh SEE ALSO
 .Xr krb5_config 3 ,
 .Xr krb5.conf 5

crypto/heimdal/lib/krb5/krb5_auth_context.3

@@ -34,7 +34,7 @@
 .Nm krb5_auth_con_setrcache ,
 .Nm krb5_auth_con_initivector ,
 .Nm krb5_auth_con_setivector
-.Nd manage authetication on connection level.
+.Nd manage authetication on connection level
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft krb5_error_code

crypto/heimdal/lib/krb5/krb5_build_principal.3

@@ -9,7 +9,7 @@
 .Nm krb5_build_principal_va ,
 .Nm krb5_build_principal_va_ext ,
 .Nm krb5_make_principal
-.Nd Principal creation functions
+.Nd principal creation functions
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft krb5_error_code

crypto/heimdal/lib/krb5/krb5_config.3

@@ -8,11 +8,9 @@
 .Nm krb5_config_get_int_default ,
 .Nm krb5_config_get_string_default ,
 .Nm krb5_config_get_time_default
-.Nd Get configuration value
-
+.Nd get configuration value
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
-
 .Ft krb5_boolean
 .Fn krb5_config_get_bool_default "krb5_context context" "krb5_config_section *c" "krb5_boolean def_value" "..."
 .Ft int
@@ -21,27 +19,24 @@
 .Fn krb5_config_get_string_default "krb5_context context" "krb5_config_section *c" "const char *def_value" "..."
 .Ft int
 .Fn krb5_config_get_time_default "krb5_context context" "krb5_config_section *c" "int def_value" "..."
-
 .Sh DESCRIPTION
-
 These functions get values from the 
 .Xr krb5.conf 5 
 configuration file, or another configuration database specified by the
 .Fa c
 parameter.
-
+.Pp
 The variable arguments should be a list of strings naming each
 subsection to look for. For example:
-
 .Bd -literal -offset indent
 krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", "log_utc", NULL)
 .Ed
-
+.Pp
 gets the boolean value for the
 .Dv log_utc
 option, defaulting to
 .Dv FALSE .
-
+.Pp
 .Fn krb5_config_get_bool_default
 will convert the option value to a boolean value, where
 .Sq yes , 
@@ -50,22 +45,19 @@ and any non-zero number means
 .Dv TRUE ,
 and any other value 
 .Dv FALSE .
-
+.Pp
 .Fn krb5_config_get_int_default
 will convert the value to an integer.
-
+.Pp
 .Fn krb5_config_get_time_default
 will convert the value to a period of time (not a time stamp) in
 seconds, so the string
 .Sq 2 weeks
 will be converted to
 1209600 (2 * 7 * 24 * 60 * 60).
-
 .Sh BUGS
-
 Other than for the string case, there's no way to tell whether there
 was a value specified or not.
-
 .Sh SEE ALSO
 .Xr krb5_appdefault 3 ,
 .Xr krb5.conf 5

crypto/heimdal/lib/krb5/krb5_free_principal.3

@@ -5,7 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm krb5_free_principal
-.Nd Principal free function
+.Nd principal free function
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft void

crypto/heimdal/lib/krb5/krb5_parse_name.3

@@ -5,7 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm krb5_parse_name
-.Nd String to principal conversion
+.Nd string to principal conversion
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft krb5_error_code

crypto/heimdal/lib/krb5/krb5_sname_to_principal.3

@@ -6,7 +6,7 @@
 .Sh NAME
 .Nm krb5_sname_to_principal ,
 .Nm krb5_sock_to_principal
-.Nd Create a service principal
+.Nd create a service principal
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft krb5_error_code

crypto/heimdal/lib/krb5/krb5_unparse_name.3

@@ -6,7 +6,7 @@
 .Sh NAME
 .Nm krb5_unparse_name
 .\" .Nm krb5_unparse_name_ext
-.Nd Principal to string conversion
+.Nd principal to string conversion
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft krb5_error_code

crypto/heimdal/lib/krb5/verify_krb5_conf.8

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm verify_krb5_conf
-.Nd
-does a crude test that
+.Nd does a crude test that
 .Pa krb5.conf
 does not contain any obvious syntax error
 .Sh SYNOPSIS

crypto/heimdal/lib/vers/make-print-version.c

@@ -42,7 +42,7 @@ RCSID("$Id: make-print-version.c,v 1.2 2000/07/08 10:46:36 assar Exp $");
 extern const char *heimdal_version;
 #endif
 #ifdef KRB4
-extern const char *krb4_version;
+extern char *krb4_version;
 #endif
 #include <version.h>
 

crypto/heimdal/tools/krb5-config.1

@@ -5,8 +5,7 @@
 .Os HEIMDAL
 .Sh NAME
 .Nm krb5-config
-.Nd
-give information on how to link code against Heimdal libraries
+.Nd "give information on how to link code against Heimdal libraries"
 .Sh SYNOPSIS
 .Nm
 .Op Fl -prefix Ns Op = Ns Ar dir