Clean up labels in RST docs

In various labels, correct typos, remove the redundant "_label"
suffix, and avoid overabbreviating.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25715 dc483132-0cff-0310-8789-dd5450dbe970

40 files changed, 90 insertions, 95 deletions

diff --git a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst
index 3c78ad9a20..575e1f1c7f 100644
--- a/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst
+++ b/doc/rst_source/krb_admins/admin_commands/kadmin_local.rst
@@ -6,7 +6,7 @@ kadmin
 SYNOPSIS
 --------
 
-.. _kadmin_synopsys:
+.. _kadmin_synopsis:
 
 **kadmin**
 [**-O**\|\ **-N**]
@@ -26,7 +26,7 @@ SYNOPSIS
 [**-m**]
 [**-x** *db_args*]
 
-.. _kadmin_synopsys_end:
+.. _kadmin_synopsis_end:
 
 
 DESCRIPTION
@@ -852,7 +852,7 @@ list_policies
 
 Retrieves all or some policy names.  *expression* is a shell-style
 glob expression that can contain the wild-card characters ``?``,
-``*``, and ``[]'`.  All policy names matching the expression are
+``*``, and ``[]``.  All policy names matching the expression are
 printed.  If no expression is provided, all existing policy names are
 printed.
 
diff --git a/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst b/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst
index bc9c3c5b10..1c608cb033 100644
--- a/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst
+++ b/doc/rst_source/krb_admins/admin_commands/kdb5_util.rst
@@ -6,7 +6,7 @@ kdb5_util
 SYNOPSIS
 --------
 
-.. _kdb5_util_synopsys:
+.. _kdb5_util_synopsis:
 
 **kdb5_util**
 [**-r** *realm*]
@@ -18,7 +18,7 @@ SYNOPSIS
 [**-m**]
 *command* [*command_options*]
 
-.. _kdb5_util_synopsys_end:
+.. _kdb5_util_synopsis_end:
 
 DESCRIPTION
 -----------
diff --git a/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst b/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst
index 783c900397..57d512700d 100644
--- a/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst
+++ b/doc/rst_source/krb_admins/appl_servers/conf_firewall.rst
@@ -1,4 +1,4 @@
-.. _conf_firewall_label:
+.. _conf_firewall:
 
 Configuring your firewall to work with Kerberos V5
 ==================================================
diff --git a/doc/rst_source/krb_admins/appl_servers/index.rst b/doc/rst_source/krb_admins/appl_servers/index.rst
index a546392120..db3f5c1b03 100644
--- a/doc/rst_source/krb_admins/appl_servers/index.rst
+++ b/doc/rst_source/krb_admins/appl_servers/index.rst
@@ -4,9 +4,9 @@ Application servers
 If you need to install the Kerberos V5 programs on an application
 server, please refer to the Kerberos V5 Installation Guide.  Once you
 have installed the software, you need to add that host to the Kerberos
-database (see :ref:`add_mod_del_princs_label`), and generate a keytab
-for that host, that contains the host's key.  You also need to make
-sure the host's clock is within your maximum clock skew of the KDCs.
+database (see :ref:`add_mod_del_princs`), and generate a keytab for
+that host, that contains the host's key.  You also need to make sure
+the host's clock is within your maximum clock skew of the KDCs.
 
 .. toctree::
    :maxdepth: 2
diff --git a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
index ee469c524b..fb1e2401cf 100644
--- a/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
+++ b/doc/rst_source/krb_admins/conf_files/krb5_conf.rst
@@ -136,7 +136,7 @@ The libdefaults section may contain any of the following relations:
 **default_realm**
     Identifies the default Kerberos realm for the client.  Set its
     value to your Kerberos realm.  If this is not specified and the
-    TXT record lookup is enabled (see :ref:`udns_label`), then that
+    TXT record lookup is enabled (see :ref:`using_dns`), then that
     information will be used to determine the default realm.  If this
     tag is not set in this configuration file and there is no DNS
     information found, then an error will be returned.
@@ -438,7 +438,7 @@ following tags may be specified in the realm's subsection:
     be able to communicate with the KDC for each realm, this tag must
     be given a value in each realm subsection in the configuration
     file, or there must be DNS SRV records specifying the KDCs (see
-    :ref:`udns_label`).
+    :ref:`using_dns`).
 
 **kpasswd_server**
     Points to the server where all the password changes are performed.
@@ -1185,8 +1185,6 @@ PKINIT krb5.conf options
     The default is false.
 
 
-.. _krb5_conf_sample_label:
-
 Sample krb5.conf file
 ---------------------
 
diff --git a/doc/rst_source/krb_admins/conf_ldap.rst b/doc/rst_source/krb_admins/conf_ldap.rst
index 3b842626c8..bbd8f76dbe 100644
--- a/doc/rst_source/krb_admins/conf_ldap.rst
+++ b/doc/rst_source/krb_admins/conf_ldap.rst
@@ -114,7 +114,7 @@ Configuring Kerberos with OpenLDAP back-end
    :ref:`krb5_conf_sample_label`.
 
 8. Create the realm using :ref:`kdb5_ldap_util(8)` (see
-   :ref:`ldap_create_realm_label`)::
+   :ref:`ldap_create_realm`)::
 
        kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees ou=users,dc=example,dc=com -r EXAMPLE.COM -s
 
@@ -125,8 +125,7 @@ Configuring Kerberos with OpenLDAP back-end
    exist underneath the realm container, omit the **-subtrees** option
    and do not worry about creating the principal subtree.
 
-   For more information, refer to the section
-   :ref:`ops_on_ldap_label`.
+   For more information, refer to the section :ref:`ops_on_ldap`.
 
    The realm object is created under the
    **ldap_kerberos_container_dn** specified in the configuration file.
@@ -137,7 +136,7 @@ Configuring Kerberos with OpenLDAP back-end
 9. Stash the password of the service object used by the KDC and
    Administration service to bind to the LDAP server using the
    :ref:`kdb5_ldap_util(8)` **stashsrvpw** command (see
-   :ref:`stash_ldap_label`).  The object DN should be the same as
+   :ref:`stash_ldap`).  The object DN should be the same as
    **ldap_kdc*_dn* and **ldap_kadmind_dn** values specified in the
    :ref:`krb5.conf(5)` file::
 
diff --git a/doc/rst_source/krb_admins/database/db_operations/index.rst b/doc/rst_source/krb_admins/database/db_operations/index.rst
index 3487eaa09d..af266de7c7 100644
--- a/doc/rst_source/krb_admins/database/db_operations/index.rst
+++ b/doc/rst_source/krb_admins/database/db_operations/index.rst
@@ -1,4 +1,4 @@
-.. _db_operations_label:
+.. _db_operations:
 
 Operations on the Kerberos database
 ===================================
@@ -7,8 +7,8 @@ The :ref:`kdb5_util(8)` command is the primary tool for administrating
 the Kerberos database.
 
 .. include:: ../../admin_commands/kdb5_util.rst
-   :start-after:  _kdb5_util_synopsys:
-   :end-before: _kdb5_util_synopsys_end:
+   :start-after:  _kdb5_util_synopsis:
+   :end-before: _kdb5_util_synopsis_end:
 
 **OPTIONS**
 
diff --git a/doc/rst_source/krb_admins/database/db_options.rst b/doc/rst_source/krb_admins/database/db_options.rst
index 4020ad45d4..d9769c9d72 100644
--- a/doc/rst_source/krb_admins/database/db_options.rst
+++ b/doc/rst_source/krb_admins/database/db_options.rst
@@ -5,8 +5,8 @@ You can invoke :ref:`kadmin(1)` or kadmin.local with any of the
 following options:
 
 .. include:: ../admin_commands/kadmin_local.rst
-   :start-after:  kadmin_synopsys:
-   :end-before: kadmin_synopsys_end:
+   :start-after:  kadmin_synopsis:
+   :end-before: kadmin_synopsis_end:
 
 **OPTIONS**
 
diff --git a/doc/rst_source/krb_admins/database/db_policies/index.rst b/doc/rst_source/krb_admins/database/db_policies/index.rst
index cb1104a606..7e5ea798d6 100644
--- a/doc/rst_source/krb_admins/database/db_policies/index.rst
+++ b/doc/rst_source/krb_admins/database/db_policies/index.rst
@@ -1,5 +1,3 @@
-.. _db_policies_label:
-
 Policies
 ========
 
diff --git a/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst b/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst
index 1d3678c8dd..48b8a90665 100644
--- a/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst
+++ b/doc/rst_source/krb_admins/database/db_princs/modify_princ.rst
@@ -1,4 +1,4 @@
-.. _add_mod_del_princs_label:
+.. _add_mod_del_princs:
 
 Adding, modifying and deleting principals
 ============================================
@@ -76,7 +76,7 @@ principals ``krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU`` and
 ``krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM`` to both databases. You need to
 be sure the passwords and the key version numbers (kvno) are the same
 in both databases. This may require explicitly setting the kvno with
-the **-kvno** option. See :ref:`xrealm_authn_label` for more details.
+the **-kvno** option. See :ref:`xrealm_authn` for more details.
 
 If you want to delete a principal ::
 
diff --git a/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst b/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst
index 2243bf3519..bf73e30086 100644
--- a/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst
+++ b/doc/rst_source/krb_admins/database/db_princs/priv_princ.rst
@@ -1,4 +1,4 @@
-.. _privileges_label:
+.. _privileges:
 
 Privileges
 ==========
@@ -46,8 +46,8 @@ l    allows the listing of principals or policies in the database.
 L    disallows the listing of principals or policies in the database.
 m    allows the modification of principals or policies in the database.
 M    disallows the modification of principals or policies in the database.
-p    allow the propagation of  the  principal  database (Used in :ref:`incr_db_prop_label`).
-P    disallow the propagation of the principal database (Used in :ref:`incr_db_prop_label`).
+p    allow the propagation of the principal database (used in :ref:`incr_db_prop`).
+P    disallow the propagation of the principal database (used in :ref:`incr_db_prop`).
 s    allows the explicit setting of the key for a principal
 S    disallows the explicit setting of the key for a principal
 \*   All privileges (admcil).
diff --git a/doc/rst_source/krb_admins/database/incr_db_prop.rst b/doc/rst_source/krb_admins/database/incr_db_prop.rst
index 0dc4360fb3..53e5caa515 100644
--- a/doc/rst_source/krb_admins/database/incr_db_prop.rst
+++ b/doc/rst_source/krb_admins/database/incr_db_prop.rst
@@ -1,4 +1,4 @@
-.. _incr_db_prop_label:
+.. _incr_db_prop:
 
 Incremental database propagation
 ================================
@@ -49,7 +49,7 @@ stored in the default keytab file (``/etc/krb5.keytab``).
 
 On the master KDC side, the ``kiprop/hostname`` principal must be
 listed in the kadmind ACL file kadm5.acl, and given the **p**
-privilege (See :ref:`privileges_label`)
+privilege (see :ref:`privileges`).
 
 On the slave KDC side, :ref:`kpropd(8)` should be run.  When
 incremental propagation is enabled, it will connect to the kadmind on
diff --git a/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst
index 964d82cf3a..5b92917b06 100644
--- a/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst
+++ b/doc/rst_source/krb_admins/database/ldap_operations/edir_create_realm.rst
@@ -1,9 +1,9 @@
-.. _edir_create_realm_label:
+.. _edir_create_realm:
 
 eDir: Creating a Kerberos realm
 ===============================
 
-See :ref:`ldap_create_realm_label`
+See :ref:`ldap_create_realm`
 
 The following are the eDirectory specific options:
 
@@ -24,13 +24,13 @@ EXAMPLE::
     Re-enter KDC database master key to verify:
     shell%
 
-.. _edir_mod_realm_label:
+.. _edir_mod_realm:
 
 
 eDir: Modifying a Kerberos realm
 ================================
 
-See :ref:`ldap_mod_realm_label`
+See :ref:`ldap_mod_realm`
 
 .. include:: ../../admin_commands/kdb5_ldap_util.rst
    :start-after:  _kdb5_ldap_util_modify_edir:
diff --git a/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst
index 369e21d273..4876fb57c0 100644
--- a/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst
+++ b/doc/rst_source/krb_admins/database/ldap_operations/edir_mod_realm.rst
@@ -1,10 +1,10 @@
-.. _edir_mod_realm_label:
+.. _edir_mod_realm:
 
 
 eDir: Modifying a Kerberos realm
 =================================
 
-See :ref:`ldap_mod_realm_label`
+See :ref:`ldap_mod_realm`
 
 The following are the eDirectory specific options
 
diff --git a/doc/rst_source/krb_admins/database/ldap_operations/index.rst b/doc/rst_source/krb_admins/database/ldap_operations/index.rst
index 6f2a631c37..7fdbebaabb 100644
--- a/doc/rst_source/krb_admins/database/ldap_operations/index.rst
+++ b/doc/rst_source/krb_admins/database/ldap_operations/index.rst
@@ -1,4 +1,4 @@
-.. _ops_on_ldap_label:
+.. _ops_on_ldap:
 
 Operations on the LDAP database
 ===============================
diff --git a/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst
index 46b77bad64..b6e6a903c7 100644
--- a/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst
+++ b/doc/rst_source/krb_admins/database/ldap_operations/ldap_create_realm.rst
@@ -1,4 +1,4 @@
-.. _ldap_create_realm_label:
+.. _ldap_create_realm:
 
 Creating a Kerberos realm
 =========================
@@ -10,7 +10,7 @@ If you need to create a new realm, use the :ref:`kdb5_ldap_util(8)`
    :start-after:  _kdb5_ldap_util_create:
    :end-before: _kdb5_ldap_util_create_end:
 
-.. seealso:: :ref:`edir_create_realm_label`
+.. seealso:: :ref:`edir_create_realm`
 
 
 Feedback
diff --git a/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst b/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst
index 5e8ae67fc5..204b566edd 100644
--- a/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst
+++ b/doc/rst_source/krb_admins/database/ldap_operations/ldap_mod_realm.rst
@@ -1,4 +1,4 @@
-.. _ldap_mod_realm_label:
+.. _ldap_mod_realm:
 
 Modifying a Kerberos realm
 ==========================
@@ -10,7 +10,7 @@ If you need to modify a realm, use the :ref:`kdb5_ldap_util(8)`
    :start-after:  _kdb5_ldap_util_modify:
    :end-before: _kdb5_ldap_util_modify_end:
 
-.. seealso:: :ref:`edir_mod_realm_label`
+.. seealso:: :ref:`edir_mod_realm`
 
 
 Feedback
diff --git a/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst b/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst
index 93984def8f..6a18498fd9 100644
--- a/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst
+++ b/doc/rst_source/krb_admins/database/ldap_operations/ldap_stash_pass.rst
@@ -1,4 +1,4 @@
-.. _stash_ldap_label:
+.. _stash_ldap:
 
 Stashing service object's password
 ==================================
diff --git a/doc/rst_source/krb_admins/database/xrealm_authn.rst b/doc/rst_source/krb_admins/database/xrealm_authn.rst
index 91c4d9a2d0..41c23d27a7 100644
--- a/doc/rst_source/krb_admins/database/xrealm_authn.rst
+++ b/doc/rst_source/krb_admins/database/xrealm_authn.rst
@@ -1,4 +1,4 @@
-.. _xrealm_authn_label:
+.. _xrealm_authn:
 
 Cross-realm authentication
 ==========================
diff --git a/doc/rst_source/krb_admins/dns.rst b/doc/rst_source/krb_admins/dns.rst
index b2224f3efb..7ef5c63291 100644
--- a/doc/rst_source/krb_admins/dns.rst
+++ b/doc/rst_source/krb_admins/dns.rst
@@ -1,4 +1,4 @@
-.. _udns_label:
+.. _using_dns:
 
 Using DNS
 =========
@@ -9,9 +9,9 @@ Using DNS
           additions to krb5-bugs@mit.edu.  Your contribution is
           greatly appreciated.
 
-See :ref:`mapping_hn_label`
+See :ref:`mapping_hostnames`
 
-See :ref:`kdc_hn_label`
+See :ref:`kdc_hostnames`
 
 
 Feedback
diff --git a/doc/rst_source/krb_admins/install_appl_srv.rst b/doc/rst_source/krb_admins/install_appl_srv.rst
index 045a080cbe..b18ca263f0 100644
--- a/doc/rst_source/krb_admins/install_appl_srv.rst
+++ b/doc/rst_source/krb_admins/install_appl_srv.rst
@@ -16,7 +16,7 @@ insecure server, and still take advantage of Kerberos V5's single
 sign-on capability.
 
 
-.. _kt_file_label:
+.. _keytab_file:
 
 The keytab file
 ---------------
@@ -24,19 +24,19 @@ The keytab file
 All Kerberos server machines need a keytab file to authenticate to the
 KDC. By default on UNIX-like systems this file is named
 ``/etc/krb5.keytab``.  The keytab file is an encrypted, local, on-disk
-copy of the host's key.  The keytab file, like the stash file (See
-:ref:`create_db_label`) is a potential point-of-entry for a break-in,
-and if compromised, would allow unrestricted access to its host.  The
-keytab file should be readable only by root, and should exist only on
-the machine's local disk.  The file should not be part of any backup
-of the machine, unless access to the backup data is secured as tightly
-as access to the machine's root password itself.
+copy of the host's key.  The keytab file, like the stash file (see
+:ref:`create_db`) is a potential point-of-entry for a break-in, and if
+compromised, would allow unrestricted access to its host.  The keytab
+file should be readable only by root, and should exist only on the
+machine's local disk.  The file should not be part of any backup of
+the machine, unless access to the backup data is secured as tightly as
+access to the machine's root password itself.
 
 In order to generate a keytab for a host, the host must have a
 principal in the Kerberos database.  The procedure for adding hosts to
-the database is described fully in :ref:`add_mod_del_princs_label`.
-(See :ref:`slave_host_key_label` for a brief description.)  The keytab
-is generated by running :ref:`kadmin(1)` and issuing the :ref:`ktadd`
+the database is described fully in :ref:`add_mod_del_princs`.  (See
+:ref:`slave_host_key` for a brief description.)  The keytab is
+generated by running :ref:`kadmin(1)` and issuing the :ref:`ktadd`
 command.
 
 For example, to generate a keytab file to allow the host
diff --git a/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst b/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst
index d9b3b69a33..a56a528caf 100644
--- a/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst
+++ b/doc/rst_source/krb_admins/install_kdc/admins_to_acl.rst
@@ -1,4 +1,4 @@
-.. _admin_acl_label:
+.. _admin_acl:
 
 Add administrators to the ACL file
 ==================================
diff --git a/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst b/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst
index 91597341c9..1200e33209 100644
--- a/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst
+++ b/doc/rst_source/krb_admins/install_kdc/admins_to_db.rst
@@ -15,7 +15,7 @@ administrative privileges on the local filesystem to access database
 files for this command to succeed.)
 
 The administrative principals you create should be the ones you added
-to the ACL file. (See :ref:`admin_acl_label`.)
+to the ACL file (see :ref:`admin_acl`).
 
 In the following example, the administrative principal ``admin/admin``
 is created::
diff --git a/doc/rst_source/krb_admins/install_kdc/create_db.rst b/doc/rst_source/krb_admins/install_kdc/create_db.rst
index 894778f42f..a7e4895278 100644
--- a/doc/rst_source/krb_admins/install_kdc/create_db.rst
+++ b/doc/rst_source/krb_admins/install_kdc/create_db.rst
@@ -1,4 +1,4 @@
-.. _create_db_label:
+.. _create_db:
 
 Create the database
 ===================
@@ -52,7 +52,7 @@ This will create five files in the directory specified in your
   **-s** option.
 
 For more information on administrating Kerberos database see
-:ref:`db_operations_label`.
+:ref:`db_operations`.
 
 
 Feedback
diff --git a/doc/rst_source/krb_admins/install_kdc/index.rst b/doc/rst_source/krb_admins/install_kdc/index.rst
index 018f6b1852..8780ec427c 100644
--- a/doc/rst_source/krb_admins/install_kdc/index.rst
+++ b/doc/rst_source/krb_admins/install_kdc/index.rst
@@ -79,8 +79,8 @@ Install the Slave KDCs
 Once your KDCs are set up and running, you are ready to use
 :ref:`kadmin(1)` to load principals for your users, hosts, and other
 services into the Kerberos database.  This procedure is described
-fully in the :ref:`add_mod_del_princs_label`.  The keytab is generated
-by running kadmin and issuing the :ref:`ktadd` command.
+fully in the :ref:`add_mod_del_princs`.  The keytab is generated by
+running kadmin and issuing the :ref:`ktadd` command.
 
 You may occasionally want to use one of your slave KDCs as the master.
 This might happen if you are upgrading the master KDC, or if your
diff --git a/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst b/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst
index b30b0fdffd..dc9270c7b3 100644
--- a/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst
+++ b/doc/rst_source/krb_admins/install_kdc/kdc_prop_slave.rst
@@ -48,9 +48,9 @@ following is an example of a bourne shell script that will do this.
     done
 
 You will need to set up a cron job to run this script at the intervals
-you decided on earlier (See :ref:`db_prop_label` and
-:ref:`incr_db_prop_label`.)  The dump can also be used as a save file.
-Once the operation succeeded, connect to slaves and start thier KDCs.
+you decided on earlier (See :ref:`db_prop` and :ref:`incr_db_prop`.)
+The dump can also be used as a save file.  Once the operation
+succeeded, connect to slaves and start thier KDCs.
 
 Now that the slave KDC has a copy of the Kerberos database, you can
 start the krb5kdc daemon::
@@ -64,8 +64,8 @@ the krb5kdc daemon automatically at boot time.
 Once your KDCs are set up and running, you are ready to use
 :ref:`kadmin(1)` to load principals for your users, hosts, and other
 services into the Kerberos database.  This procedure is described
-fully in the :ref:`add_mod_del_princs_label`.  The keytab is generated
-by running kadmin and issuing the ktadd command.
+fully in the :ref:`add_mod_del_princs`.  The keytab is generated by
+running kadmin and issuing the ktadd command.
 
 
 Propagation failed?
diff --git a/doc/rst_source/krb_admins/install_kdc/mod_conf.rst b/doc/rst_source/krb_admins/install_kdc/mod_conf.rst
index d4e1e19664..2672e52b8b 100644
--- a/doc/rst_source/krb_admins/install_kdc/mod_conf.rst
+++ b/doc/rst_source/krb_admins/install_kdc/mod_conf.rst
@@ -24,10 +24,10 @@ example::
 krb5.conf
 ---------
 
-If you are not using DNS TXT records (see :ref:`mapping_hn_label`),
+If you are not using DNS TXT records (see :ref:`mapping_hostnames`),
 you must specify the **default_realm** in the :ref:`libdefaults`
 section.  If you are not using DNS SRV records (see
-:ref:`kdc_hn_label`), you must include the **kdc** tag for each
+:ref:`kdc_hostnames`), you must include the **kdc** tag for each
 *realm* in the :ref:`realms` section.  To communicate with the kadmin
 server in each realm, the **admin_server** tag must be set in the
 :ref:`realms` section.  If your domain name and realm name are not the
diff --git a/doc/rst_source/krb_admins/install_kdc/slave_install.rst b/doc/rst_source/krb_admins/install_kdc/slave_install.rst
index f21e95cfe8..0b1be907dc 100644
--- a/doc/rst_source/krb_admins/install_kdc/slave_install.rst
+++ b/doc/rst_source/krb_admins/install_kdc/slave_install.rst
@@ -1,4 +1,4 @@
-.. _slave_host_key_label:
+.. _slave_host_key:
 
 Setting up slave KDCs
 =====================
diff --git a/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst b/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst
index ad019274d0..da1cd6cc65 100644
--- a/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst
+++ b/doc/rst_source/krb_admins/install_kdc/stash_file_def.rst
@@ -9,13 +9,13 @@ encrypted form on the KDC's local disk.  The stash file is used to
 authenticate the KDC to itself automatically before starting the
 :ref:`kadmind(8)` and :ref:`krb5kdc(8)` daemons (e.g., as part of the
 machine's boot sequence).  The stash file, like the keytab file (see
-:ref:`kt_file_label` for more information) is a potential
-point-of-entry for a break-in, and if compromised, would allow
-unrestricted access to the Kerberos database.  If you choose to
-install a stash file, it should be readable only by root, and should
-exist only on the KDC's local disk.  The file should not be part of
-any backup of the machine, unless access to the backup data is secured
-as tightly as access to the master password itself.
+:ref:`keytab_file`) is a potential point-of-entry for a break-in, and
+if compromised, would allow unrestricted access to the Kerberos
+database.  If you choose to install a stash file, it should be
+readable only by root, and should exist only on the KDC's local disk.
+The file should not be part of any backup of the machine, unless
+access to the backup data is secured as tightly as access to the
+master password itself.
 
 .. note:: If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up. 
           This means that the KDC will not be able to start automatically, such as after a system reboot.
diff --git a/doc/rst_source/krb_admins/realm_config/db_prop.rst b/doc/rst_source/krb_admins/realm_config/db_prop.rst
index f669b652a9..c8e46d3092 100644
--- a/doc/rst_source/krb_admins/realm_config/db_prop.rst
+++ b/doc/rst_source/krb_admins/realm_config/db_prop.rst
@@ -1,4 +1,4 @@
-.. _db_prop_label:
+.. _db_prop:
 
 Database propagation
 ====================
@@ -18,7 +18,7 @@ parallel.  To do this, have the master KDC propagate the database to
 one set of slaves, and then have each of these slaves propagate the
 database to additional slaves.
 
-See also :ref:`incr_db_prop_label`
+See also :ref:`incr_db_prop`
 
 
 Feedback
diff --git a/doc/rst_source/krb_admins/realm_config/kdc_hn.rst b/doc/rst_source/krb_admins/realm_config/kdc_hn.rst
index 939f2a600c..eb50e5ec89 100644
--- a/doc/rst_source/krb_admins/realm_config/kdc_hn.rst
+++ b/doc/rst_source/krb_admins/realm_config/kdc_hn.rst
@@ -1,4 +1,4 @@
-.. _kdc_hn_label:
+.. _kdc_hostnames:
 
 Hostnames for KDCs
 ==================
diff --git a/doc/rst_source/krb_admins/realm_config/kdc_ports.rst b/doc/rst_source/krb_admins/realm_config/kdc_ports.rst
index 2bb1b61ffa..4e1aeff994 100644
--- a/doc/rst_source/krb_admins/realm_config/kdc_ports.rst
+++ b/doc/rst_source/krb_admins/realm_config/kdc_ports.rst
@@ -6,7 +6,7 @@ The default ports used by Kerberos are port 88 for the KDC1 and port
 ports, as long as they are specified in each host's ``/etc/services``
 and :ref:`krb5.conf(5)` files, and the :ref:`kdc.conf(5)` file on each
 KDC.  For a more thorough treatment of port numbers used by the
-Kerberos V5 programs, refer to the :ref:`conf_firewall_label`.
+Kerberos V5 programs, refer to the :ref:`conf_firewall`.
 
 Feedback
 --------
diff --git a/doc/rst_source/krb_admins/realm_config/mapping_hn.rst b/doc/rst_source/krb_admins/realm_config/mapping_hn.rst
index 26954f1838..4ed422eeed 100644
--- a/doc/rst_source/krb_admins/realm_config/mapping_hn.rst
+++ b/doc/rst_source/krb_admins/realm_config/mapping_hn.rst
@@ -1,4 +1,4 @@
-.. _mapping_hn_label:
+.. _mapping_hostnames:
 
 
 Mapping hostnames onto Kerberos realms
diff --git a/doc/rst_source/krb_build/options2configure.rst b/doc/rst_source/krb_build/options2configure.rst
index 8edbd9f693..fa5dcb0b42 100644
--- a/doc/rst_source/krb_build/options2configure.rst
+++ b/doc/rst_source/krb_build/options2configure.rst
@@ -48,8 +48,8 @@ Most commonly used options
 **--enable-dns-for-realm**

     Enable the use of DNS to look up a host's Kerberos realm, or a

     realm's KDCs, if the information is not provided in

-    :ref:`krb5.conf(5)`.  See :ref:`kdc_hn_label` for information

-    about using DNS to locate the KDCs, and :ref:`mapping_hn_label`

+    :ref:`krb5.conf(5)`.  See :ref:`kdc_hostnames` for information

+    about using DNS to locate the KDCs, and :ref:`mapping_hostnames`

     for information about using DNS to determine the default realm.

     By default, DNS lookups are enabled for the former but not for the

     latter.

diff --git a/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst b/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst
index 5d9b8a4f8e..54f18e46bf 100644
--- a/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst
+++ b/doc/rst_source/krb_users/pwd_mgmt/grant_access.rst
@@ -1,4 +1,4 @@
-.. _gatya_label:
+.. _grant_access:
 
 Granting access to your account
 ===============================
diff --git a/doc/rst_source/krb_users/pwd_mgmt/index.rst b/doc/rst_source/krb_users/pwd_mgmt/index.rst
index d8dacdeb70..295703045a 100644
--- a/doc/rst_source/krb_users/pwd_mgmt/index.rst
+++ b/doc/rst_source/krb_users/pwd_mgmt/index.rst
@@ -12,8 +12,8 @@ you--send email that comes from you, read, edit, or delete your files,
 or log into other hosts as you--and no one will be able to tell the
 difference.  For this reason, it is important that you choose a good
 password, and keep it secret.  If you need to give access to your
-account to someone else, you can do so through Kerberos.  (See
-:ref:`gatya_label`.)  You should never tell your password to anyone,
+account to someone else, you can do so through Kerberos (see
+:ref:`grant_access`).  You should never tell your password to anyone,
 including your system administrator, for any reason.  You should
 change your password frequently, particularly any time you think
 someone may have found out what it is.
diff --git a/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst b/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst
index 777f877baa..e355e4f315 100644
--- a/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst
+++ b/doc/rst_source/krb_users/tkt_mgmt/obtain_kinit.rst
@@ -1,4 +1,4 @@
-.. _otwk_labal:
+.. _obtain_tkt
 
 Obtaining tickets with kinit
 ============================
@@ -55,7 +55,7 @@ need to request forwardable tickets. You do this by specifying the
 
 Note that kinit does not tell you that it obtained forwardable
 tickets; you can verify this using the :ref:`klist(1)` command (see
-:ref:`vytwk_label`).
+:ref:`view_tkt`).
 
 Normally, your tickets are good for your system's default ticket
 lifetime, which is ten hours on many systems.  You can specify a
diff --git a/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst b/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst
index 9d43a73293..2dd554624a 100644
--- a/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst
+++ b/doc/rst_source/krb_users/tkt_mgmt/view_klist.rst
@@ -1,4 +1,4 @@
-.. _vytwk_label:
+.. _view_tkt:
 
 Viewing tickets with klist
 ==========================
diff --git a/doc/rst_source/krb_users/user_appl/index.rst b/doc/rst_source/krb_users/user_appl/index.rst
index 982399fe4b..501f8204a8 100644
--- a/doc/rst_source/krb_users/user_appl/index.rst
+++ b/doc/rst_source/krb_users/user_appl/index.rst
@@ -29,7 +29,7 @@ because Kerberos has already proven your identity.
 
 The Kerberos V5 network programs allow you the options of forwarding
 your tickets to the remote host (if you obtained forwardable tickets
-with the :ref:`kinit(1)` program; see :ref:`otwk_labal`), and
+with the :ref:`kinit(1)` program; see :ref:`obtain_tkt`), and
 encrypting data transmitted between you and the remote host.
 
 The Kerberos V5 applications are versions of existing UNIX network
diff --git a/doc/rst_source/krb_users/user_appl/ksu.rst b/doc/rst_source/krb_users/user_appl/ksu.rst
index 360763229c..3097d3d87f 100644
--- a/doc/rst_source/krb_users/user_appl/ksu.rst
+++ b/doc/rst_source/krb_users/user_appl/ksu.rst
@@ -96,9 +96,9 @@ The ksu options you are most likely to use are:
                     (e.g., the user *joeadmin* might want to use his admin instance.)
 -c                  specifies the location of your Kerberos credentials cache (ticket file).
 -k                  tells ksu not to destroy your Kerberos tickets when ksu is finished.
--f                  requests forwardable tickets. (See :ref:`otwk_labal`.)
+-f                  requests forwardable tickets. (See :ref:`obtain_tkt`.)
                     This is only applicable if ksu needs to obtain tickets.
--l *lifetime*       sets the ticket lifetime. (See :ref:`otwk_labal`.) i
+-l *lifetime*       sets the ticket lifetime. (See :ref:`obtain_tkt`.)
                     This is only applicable if ksu needs to obtain tickets.
 -z                  tells ksu to copy your Kerberos tickets only if the UID you are switching
                     is the same as the Kerberos primary