3 files changed, 113 insertions, 2 deletions
diff --git a/base/java-tools/man/man1/pki-audit.1 b/base/java-tools/man/man1/pki-audit.1
new file mode 100644
index 000000000..a20ed0032
--- /dev/null
+++ b/base/java-tools/man/man1/pki-audit.1
@@ -0,0 +1,104 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH pki-audit 1 "Jun 30, 2015" "version 10.2" "PKI Audit Management Commands" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+pki-audit \- Command-Line Interface for managing Certificate System audit configuration.
+
+.SH SYNOPSIS
+.nf
+\fBpki\fR [CLI options] \fB<subsystem>-audit\fR
+\fBpki\fR [CLI options] \fB<subsystem>-audit-show\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-audit-mod --action <action>\fR [command options]
+\fBpki\fR [CLI options] \fB<subsystem>-audit-mod --input <input file>\fR [command options]
+.fi
+
+.SH DESCRIPTION
+.PP
+The \fBpki-audit\fR commands provide command-line interfaces to manage audit
+configuration in the specified subsystem. Currently the only supported
+subsystem is \fBtps\fR.
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-audit\fR
+.RS 4
+This command is to list the available audit commands for the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-audit-show\fR [command options]
+.RS 4
+This command is to show the audit configuration in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-audit-mod --action <action>\fR [command options]
+.RS 4
+This command is to change the audit (enabled/disabled) status in the subsystem.
+.RE
+.PP
+\fBpki\fR [CLI options] \fB<subsystem>-audit-mod --input <input file>\fR [command options]
+.RS 4
+This command is to modify the audit configuration in the subsystem.
+.RE
+
+.SH OPTIONS
+The CLI options are described in \fBpki\fR(1).
+
+.SH OPERATIONS
+To view available audit commands, type \fBpki <subsystem>-audit\fP. To view
+each command's usage, type \fB pki <subsystem>-audit-<command> \-\-help\fP.
+
+All audit commands must be executed with the subsystem's admin authentication
+(the user must be in the Administrators group). See also the Authentication
+section in \fBpki\fP(1).
+
+.SS Viewing audit configuration
+
+To view the audit configuration in TPS execute the following command:
+
+.B pki <TPS admin authentication> tps-audit-show
+
+To download the audit configuration from TPS into a file execute the following
+command:
+
+.B pki <TPS admin authentication> tps-audit-show --output <output file>
+
+.SS Changing audit status
+
+To enable/disable audit in TPS, execute the following command:
+
+.B pki <TPS admin authentication> tps-audit-mod --action <action>
+
+where action is enable or disable.
+
+.SS Modifying audit configuration
+
+To modify the audit configuration in TPS, download the current configuration
+using the above \fBtps-audit-show\fP command, edit the file, then execute the
+following command:
+
+.B pki <TPS admin authentication> tps-audit-mod --input <input file>
+
+Optionally, a --output <output file> option may be specified to download the
+effective configuration after the modification.
+
+.SH AUTHORS
+Endi S. Dewata <edewata@redhat.com>.
+
+.SH COPYRIGHT
+Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General Public
+License, version 2 (GPLv2). A copy of this license is available at
+http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+
+.SH SEE ALSO
+.BR pki(1)
diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1
index 41ee3d3da..3de8f6e92 100644
--- a/base/java-tools/man/man1/pki.1
+++ b/base/java-tools/man/man1/pki.1
@@ -102,7 +102,9 @@ Alternatively, the connection parameters can be specified as a URI:
 where the URI is of the format \fI<protocol>://<hostname>:<port>\fP.
 
 .SS Authentication
-Some commands require authentication.  These are commands that are restricted to particular sets of users (such as agents or admins) or those operations involving certificate profiles that require authentication.
+Some commands require authentication. These are commands that are restricted
+to particular sets of users (such as agents or admins) or those operations
+involving certificate profiles that require authentication.
 
 To execute a command without authentication:
 
@@ -133,7 +135,11 @@ To authenticate with a username by interactively prompting for a password:
 Prompting for a user password is not suitable for automated batch processing.
 
 .SS Client Authentication Setup
-A client certificate associated with the desired PKI server must be used for client authentication. This can be done by importing the client certificate into an NSS security database and passing the values to the relevant options provided by the \fBpki\fP CLI framework.
+
+A client certificate associated with the desired PKI server must be used for
+client authentication. This can be done by importing the client certificate
+into an NSS security database and passing the values to the relevant options
+provided by the \fBpki\fP CLI framework.
 
 To achieve this, execute the following commands to set up an NSS security database for use by the \fBpki\fP client, import the client certificate into the NSS database, and list information (including the nickname of the client certificate) stored in the NSS database:
 
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 93ad88d3f..4009499ec 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -858,6 +858,7 @@ systemctl daemon-reload
 %{_javadir}/pki/pki-tools.jar
 %{_datadir}/pki/java-tools/
 %{_mandir}/man1/pki.1.gz
+%{_mandir}/man1/pki-audit.1.gz
 %{_mandir}/man1/pki-cert.1.gz
 %{_mandir}/man1/pki-client.1.gz
 %{_mandir}/man1/pki-group.1.gz