Removed Cygnus-specific info

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9015 dc483132-0cff-0310-8789-dd5450dbe970

5 files changed, 140 insertions, 350 deletions

diff --git a/src/appl/bsd/rcp.M b/src/appl/bsd/rcp.M
index ea68120708..9e5040b4b7 100644
--- a/src/appl/bsd/rcp.M
+++ b/src/appl/bsd/rcp.M
@@ -23,13 +23,13 @@
 rcp \- remote file copy
 .SH SYNOPSIS
 .B rcp
-[\fB\-p\fP] [\fB\-x\fP | \fB\-\-encrypt\fP] [\fB\-k\fP \fIrealm\fP ]
-[\fB\-D\fP \fIport\fP] [\fB\-N\fP]
+[\fB\-p\fP] [\fB\-x\fP] [\fB\-k\fP \fIrealm\fP ] [\fB\-D\fP \fIport\fP]
+[\fB\-N\fP]
 .I file1 file2
 .sp
 .B rcp
-[\fB\-p\fB] [\fB\-x\fP | \fB\-\-encrypt\fP] [\fP\-k\fP \fIrealm\fP]
-[\fB\-r\fP] [\fB\-D\fP \fIport\fP] [\fB\-N\fP]
+[\fB\-p\fB] [\fB\-x\fP] [\fP\-k\fP \fIrealm\fP] [\fB\-r\fP] [\fB\-D\fP
+\fIport\fP] [\fB\-N\fP]
 .I file ... directory
 .SH DESCRIPTION
 .B Rcp
@@ -81,7 +81,7 @@ attempt to preserve (duplicate) the modification times and modes of the
 source files in the copies, ignoring the
 .IR umask .
 .TP
-\fB\-x\fP | \fB\-\-encrypt\fP
+\fB\-x\fP
 encrypt all information transferring between hosts.
 .TP
 \fB\-k\fP \fIrealm\fP
@@ -109,44 +109,14 @@ the current machine.  Hostnames may also take the form ``rname@rhost''
 to use
 .I rname
 rather than the current user name on the remote host.
-.SH CONFIGURATION
-The following defaults may be specified in the [appdefaults] or [realms]
-section of the
-.IR krb5.conf (5)
-file:
-.TP "\w'.B encrypt\ \ 'u"
-.B encrypt
-Whether or not to encrypt the data stream.  Takes a boolean argument.
-.PP
-For example:
-.sp
-.nf
-.in +1i
-[appdefaults]
-    rcp = {
-        encrypt = true
-    }
-[realms]
-    FUBAR.ORG = {
-        rcp = {
-            encrypt = false
-        }
-    }
-.in -1i
-.fi
-.sp
 .SH FILES
-.TP "\w'/etc/krb5.conf\ \ 'u"
-/etc/krb5.conf
-file containing local host's Kerberos V5 configuration information
-.sp -1v
-.TP
+.TP "\w'~/.k5login\ \ 'u"
 ~/.k5login
 (on remote host) - file containing Kerberos principals that are allowed
 access.
 .SH SEE ALSO
-cp(1), ftp(1), rsh(1), rlogin(1), kerberos(3), krb_getrealm(3),
-krb5.conf(5), rcp(1) [UCB version]
+cp(1), ftp(1), rsh(1), rlogin(1), kerberos(3), krb_getrealm(3), rcp(1)
+[UCB version]
 .SH BUGS
 .B Rcp
 doesn't detect all cases where the target of a copy might be a file in
diff --git a/src/appl/bsd/rlogin.M b/src/appl/bsd/rlogin.M
index 7267a159c4..0d47803aff 100644
--- a/src/appl/bsd/rlogin.M
+++ b/src/appl/bsd/rlogin.M
@@ -24,12 +24,10 @@ rlogin \- remote login
 .SH SYNOPSIS
 .B rlogin
 .I rhost
-[\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP |
-\fB\-\-forward\fP] [\fB\-\-noforward\fP] [\fB\-F\fP |
-\fB\-\-forwardable\fP] [\fB\-\-noforwardable\fP] [\fB\-t\fP
-\fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP] [\fB\-d\fP] [\fB\-k\fP
-\fIrealm\fP] [\fB\-x\fP | \fB\-\-encrypt\fP] [\fB\-\-noencrypt\fP]
-[\fB\-\-noflow\fP] [\fB\-L\fP] [\fB\-l\fP \fIusername\fP]
+[\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP]
+[\fB\-F\fP] [\fB\-t\fP \fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP]
+[\fB\-d\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-x\fP] [\fB\-L\fP] [\fB\-l\fP
+\fIusername\fP]
 .PP
 .SH DESCRIPTION
 .I Rlogin
@@ -103,26 +101,14 @@ force the remote machine to ask for a password by sending a null local
 username.  This option has no effect unless the standard UCB rlogin is
 executed in place of the Kerberos rlogin (see above).
 .TP
-\fB\-f\fP | \fB\-\-forward\fP
+\fB\-f\fP
 forward a copy of the local credentials to the remote system.
 .TP
-.B \-\-noforward
-disables ticket forwarding.  This is useful for overriding the
-application defaults in the host's
-.IR krb5.conf (5)
-file.
-.TP
-\fB\-F\fP | \fB\-\-forwardable\fP
+\fB\-F\fP
 forward a
 .I forwardable
 copy of the local credentials to the remote system.
 .TP
-.B \-\-noforwardable
-makes any forwarded tickets non-forwardable.  This is useful for
-overriding the application defaults in the host's
-.IR krb5.conf (5)
-file.
-.TP
 \fB\-t\fP \fItermtype\fP
 replace the terminal type passed to the remote host with
 .IR termtype .
@@ -138,71 +124,21 @@ turn on socket debugging (via
 .IR setsockopt (2))
 on the TCP sockets used for communication with the remote host.
 .TP
-.B \-\-noflow
-force transmission of flow control characters (^S/^Q) to the remote
-system.
-.TP
 .B \-k
 request rlogin to obtain tickets for the remote host in realm
 .I realm
 instead of the remote host's realm as determined by 
 .IR krb_realmofhost (3).
 .TP
-\fB\-x\fP | \fB\-\-encrypt\fP
+\fB\-x\fP
 turn on DES encryption for all data passed via the rlogin session.  This
 significantly reduces response time and significantly increases CPU
 utilization.
-.TP
-.B \-\-noencrypt
-disables encryption.  This is useful for overriding the application
-defaults in the host's
-.IR krb5.conf (5)
-file.
-.SH CONFIGURATION
-The following defaults may be specified in the [appdefaults] or [realms]
-section of the
-.IR krb5.conf (5)
-file:
-.TP "\w'.B forwardable\ \ 'u"
-.B forwardable
-Whether or not any forwarded tickets should be forwardable.  Takes a
-boolean argument.
-.TP
-.B forward
-Whether or not to forward tickets to the remote host.  Takes a boolean
-argument.
-.TP
-.B encrypt
-Whether or not to encrypt the data stream.  Takes a boolean argument.
-.PP
-For example:
-.sp
-.nf
-.in +1i
-[appdefaults]
-    rlogin = {
-        forwardable = true
-        forward = true
-        encrypt = true
-    }
-[realms]
-    FUBAR.ORG = {
-        rlogin = {
-            forward = false
-        }
-    }
-.in -1i
-.fi
-.sp
 .SH SEE ALSO
-rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3),
-krb5.conf(5), rlogin(1) [UCB version]
+rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), rlogin(1) [UCB
+version]
 .SH FILES
-.TP "\w'/etc/krb5.conf\ \ 'u"
-/etc/krb5.conf
-file containing local host's Kerberos V5 configuration information
-.sp -1v
-.TP
+.TP "\w'~/\&.k5login\ \ 'u"
 ~/\&.k5login
 (on remote host) - file containing Kerberos principals that are allowed
 access.
diff --git a/src/appl/bsd/rsh.M b/src/appl/bsd/rsh.M
index 3767d2b9a8..ee262d2ca2 100644
--- a/src/appl/bsd/rsh.M
+++ b/src/appl/bsd/rsh.M
@@ -25,9 +25,7 @@ rsh \- remote shell
 .B rsh
 .I host
 [\fB\-l\fP \fIusername\fP] [\fB\-n\fP] [\fB\-d\fP] [\fB\-k\fP
-\fIrealm\fP] [\fB\-f\fP | \fB\-\-forward\fP | \fB\-F\fP |
-\fB\-\-forwardable\fP] [\fB\-\-noforward\fP] [\fB\-\-noforwardable\fP]
-[\fB\-x\fP | \fB\-\-encrypt\fP] [\fB\-\-noencrypt\fP] [\fB\-\-noflow\fP]
+\fIrealm\fP] [\fB\-f\fP | \fB\-F\fP] [\fB\-x\fP]
 .I command
 .SH DESCRIPTION
 .B Rsh
@@ -62,37 +60,21 @@ sets the remote username to
 .IR username .
 Otherwise, the remote username will be the same as the local username.
 .TP
-\fB\-x\fP | \fB\-\-encrypt\fP
+\fB\-x\fP
 causes the network session traffic to be encrypted.
 .TP
-.B \-\-noencrypt
-disables encryption.  This is useful for overriding the application
-defaults in the host's
-.IR krb5.conf (5)
-file.
-.TP
-\fB\-f\fP | \fB\-\-forward\fP
-The
-.B \-f
-and
-.B \-\-forward
-options cause Kerberos credentials to be forwarded to the remote machine
-for use by the specified
+\fB\-f\fP
+cause nonforwardable Kerberos credentials to be forwarded to the remote
+machine for use by the specified
 .IR command .
 They will be removed when
 .I command
 finishes.  This option is mutually exclusive with the
 .B \-F
-or
-.B \-\-forwardable
-options.
+option.
 .TP
-\fB\-F\fP | \fB\-\-forwardable\fP
-The
-.B \-F
-and
-.B \-\-forwardable
-options cause
+\fB\-F\fP
+cause
 .I forwardable
 Kerberos credentials to be forwarded to the remote machine for use by
 the specified
@@ -101,23 +83,9 @@ They will be removed when
 .I command
 finishes.  This option is mutually exclusive with the
 .B \-f
-or
-.B \-\-forward
-options.
-.TP
-.B \-\-noforward
-disables ticket forwarding.  This is useful for overriding the
-application defaults in the host's
-.IR krb5.conf (5)
-file.
-.TP
-.B \-\-noforwardable
-makes any forwarded tickets non-forwardable.  This is useful for
-overriding the application defaults in the host's
-.IR krb5.conf (5)
-file.
+option.
 .TP
-\fB\-k\fP\fIrealm\fP
+\fB\-k\fP \fIrealm\fP
 causes 
 .I rsh
 to obtain tickets for the remote host in
@@ -134,14 +102,6 @@ on the TCP sockets used for communication with the remote host.
 redirects input from the special device
 .I /dev/null
 (see the BUGS section below).
-.TP
-.B \-\-noflow
-If
-.B rsh
-causes you to be logged into the remote host using
-.IR rlogin (1),
-this option passes the \-\-noflow option to
-.IR rlogin .
 .PP
 If you omit
 .IR command ,
@@ -167,57 +127,16 @@ appends
 .I remotefile
 to
 .IR otherremotefile .
-.SH CONFIGURATION
-The following defaults may be specified in the [appdefaults] or [realms]
-section of the
-.IR krb5.conf (5)
-file:
-.TP "\w'.B forwardable\ \ 'u"
-.B forwardable
-Whether or not any forwarded tickets should be forwardable.  Takes a
-boolean argument.
-.TP
-.B forward
-Whether or not to forward tickets to the remote host.  Takes a boolean
-argument.
-.TP
-.B encrypt
-Whether or not to encrypt the data stream.  Takes a boolean argument.
-.PP
-For example:
-.sp
-.nf
-.in +1i
-[appdefaults]
-    rsh = {
-        forwardable = true
-        forward = true
-        encrypt = true
-    }
-[realms]
-    FUBAR.ORG = {
-        rsh = {
-            forward = false
-        }
-    }
-.in -1i
-.fi
-.sp
 .SH FILES
-.TP "\w'/etc/krb5.conf\ \ 'u"
+.TP "\w'~/.k5login\ \ 'u"
 /etc/hosts
 .sp -1v
 .TP
-/etc/krb5.conf
-file containing local host's Kerberos V5 configuration information
-.sp -1v
-.TP
 ~/\&.k5login
 (on remote host) - file containing Kerberos principals that are allowed
 access.
 .SH SEE ALSO
-rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3),
-krb5.conf(5)
+rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3)
 .SH BUGS
 If you are using
 .IR csh (1)
diff --git a/src/appl/telnet/telnet/telnet.1 b/src/appl/telnet/telnet/telnet.1
index 4e6fdf446e..6f022d3cc8 100644
--- a/src/appl/telnet/telnet/telnet.1
+++ b/src/appl/telnet/telnet/telnet.1
@@ -37,12 +37,11 @@
 telnet \- user interface to the TELNET protocol
 .SH SYNOPSIS
 .B telnet
-[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP | \fB\-\-noautologin\fP]
-[\fB\-L\fP] [\fB\-S\fP \fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP
-| \fB\-\-autologin\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-e\fP
-\fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-l\fP
-\fIuser\fP] [\fB\-n\fP \fItracefile\fP] [\fB\-r\fP] [\fB\-x\fP |
-\fB\-\-encrypt\fP] [\fB\-\-noencrypt\fP] [\fIhost\fP [\fIport\fP]]
+[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP
+\fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP] [\fB\-c\fP]
+[\fB\-d\fP] [\fB\-e\fP \fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP
+\fIrealm\fP] [\fB\-l\fP \fIuser\fP] [\fB\-n\fP \fItracefile\fP]
+[\fB\-r\fP] [\fB\-x\fP] [\fIhost\fP [\fIport\fP]]
 .SH DESCRIPTION
 The 
 .B telnet
@@ -68,18 +67,12 @@ option on both input and output.
 .B \-E
 Stop any character from being recognized as an escape character.
 .TP
-\fB\-F\fP | \fB\-\-forwardable\fP
+\fB\-F\fP
 forward a
 .I forwardable
 copy of the local credentials to the remote system.
 .TP
-.B \-\-noforwardable
-make any forwarded tickets non-forwardable.  This is useful for
-overriding the application defaults in the host's
-.IR krb5.conf (5)
-file.
-.TP
-\fB\-K\fP | \fB\-\-noautologin\fP
+\fB\-K\fP
 Specify no automatic login to the remote system.
 .TP
 .B \-L
@@ -98,7 +91,7 @@ Disable the
 .I atype
 type of authentication.
 .TP
-\fB\-a\fP | \fB\-\-autologin\fP
+\fB\-a\fP
 Attempt automatic login.  This sends the user name via the
 .SM USER
 variable of the
@@ -130,15 +123,9 @@ If
 .I escape char
 is omitted, then there will be no escape character.
 .TP
-\fB\-f\fP | \fB\-\-forward\fP
+\fB\-f\fP
 forward a copy of the local credentials to the remote system.
 .TP
-.B \-\-noforward
-disable ticket forwarding.  This is useful for overriding the
-application defaults in the host's
-.IR krb5.conf (5)
-file.
-.TP
 \fB\-k\fP \fIrealm\fP
 If Kerberos authentication is being used, request that telnet obtain
 tickets for the remote host in realm
@@ -174,15 +161,9 @@ unless modified by the
 .B \-e
 option.
 .TP
-\fB\-x\fP | \fB\-\-encrypt\fP
+\fB\-x\fP
 Turn on encryption of the data stream.
 .TP
-.B \-\-noencrypt
-disable encryption.  This is useful for overriding the application
-defaults in the host's
-.IR krb5.conf (5)
-file.
-.TP
 .I host
 Indicates the name, alias, or Internet address of the remote host.
 .TP
@@ -1328,51 +1309,8 @@ environment variables.  Other environment variables may be propagated to
 the other side via the
 .SM TELNET ENVIRON
 option.
-.SH CONFIGURATION
-The following defaults may be specified in the [appdefaults] or [realms]
-section of the
-.IR krb5.conf (5)
-file:
-.TP "\w'.B forwardable\ \ 'u"
-.B forward
-Whether or not to forward tickets to the remote host.  Takes a boolean
-argument.
-.TP
-.B forwardable
-Whether or not any forwarded tickets should be forwardable.  Takes a
-boolean argument.
-.TP
-.B encrypt
-Whether or not to encrypt the data stream.  Takes a boolean argument.
-.TP
-.B autologin
-Whether or not to attempt automatic login.  Takes a boolean argument.
-.PP
-For example:
-.sp
-.nf
-.in +1i
-[appdefaults]
-    telnet = {
-        forwardable = true
-        forward = true
-        encrypt = true
-        autologin = true
-    }
-[realms]
-    FUBAR.ORG = {
-        telnet = {
-            forward = false
-        }
-    }
-.in -1i
-.fi
-.sp
 .SH FILES
-.TP "\w'/etc/krb5.conf\ \ 'u"
-/etc/krb5.conf
-file containing local host's Kerberos V5 configuration information
-.sp -1v
+.TP "\w'~/.telnetrc\ \ 'u"
 .TP
 ~/.telnetrc
 user-customized telnet startup values
diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M
index 3108a0aad4..b35dd67da0 100644
--- a/src/clients/kinit/kinit.M
+++ b/src/clients/kinit/kinit.M
@@ -17,96 +17,123 @@
 .\" permission.  M.I.T. makes no representations about the suitability of
 .\" this software for any purpose.  It is provided "as is" without express
 .\" or implied warranty.
-.\" 
-.\"
-.TH KINIT 1 "Kerberos Version 5.0" "MIT Project Athena"
+.\" "
+.so man1/header.doc
+.TH KINIT 1 \*h
 .SH NAME
 kinit \- obtain and cache Kerberos ticket-granting ticket
 .SH SYNOPSIS
+.TP
 .B kinit
-[
-.B \-l
-.I lifetime
-] [
-.B \-s
-.I starttime
-] [
-.B \-v
-] [
-.B \-p
-] [
-.B \-f
-] [
-.B \-r
-.I rlife
-] [
-.B \-R
-] [
-.B \-c
-.I cachename
-]
-.I principal
+.ad l
+[\fB\-l\fP \fIlifetime\fP] [\fB\-s\fP \fIstart_time\fP] [\fB\-v\fP]
+[\fB\-p\fP] [\fB\-f\fP] [\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]]
+[\fB\-r\fP \fIrenewable_life\fP] [\fB\-R\fP] [\fB\-c\fP
+\fIcache_name\fP] [\fB\-S\fP \fIservice_name\fP] [\fIprincipal\fP]
+.ad b
 .br
 .SH DESCRIPTION
 .I kinit
 obtains and caches an initial ticket-granting ticket for
 .IR principal .
-The
+.SH OPTIONS
+.TP
+\fB\-l\fP \fIlifetime\fP
+requests a ticket with the lifetime
+.IR lifetime .
+The value for
+.I lifetime
+must be followed immediately by one of the following delimiters:
+.sp
+.nf
+.in +.3i
+\fBs\fP  seconds
+\fBm\fP  minutes
+\fBh\fP  hours
+\fBd\fP  days
+.in -.3i
+.fi
+.sp
+as in "kinit -l 90m".  You cannot mix units; a value of `3h30m' will
+result in an error.
+.sp
+If the
 .B \-l
-option specifies the lifetime to be requested for the ticket;
-if this option is not specified, the default ticket lifetime (configured
-by each site) is used instead.
-.PP
-The
-.B \-s
-option specifies the start time, and causes you to get a postdated ticket. 
-Postdated tickets are issued with the 
+option is not specified, the default ticket lifetime (configured by each
+site) is used.  Specifying a ticket lifetime longer than the maximum
+ticket lifetime (configured by each site) results in a ticket with the
+maximum lifetime.
+.TP
+\fB\-s\fP \fIstart_time\fP
+requests a postdated ticket, valid starting at
+.IR start_time .
+Postdated tickets are issued with the
 .I invalid
-flag set, and needs to be fed back to the kdc before use. This may be
-accomplished by using the 
+flag set, and need to be fed back to the kdc before use.
+.TP
 .B \-v
-option. 
-.PP
-The
-.B \-p
-option specifies that the PROXIABLE option should be requested for the
+requests that the ticket granting ticket in the cache (with the 
+.I invalid
+flag set) be passed to the kdc for validation.  If the ticket is within
+its requested time range, the cache is replaced with the validated
 ticket.
-.PP
-The
+.TP
+.B \-p
+request proxiable tickets.
+.TP
 .B \-f
-option specifies that the FORWARDABLE option should be requested for the
-ticket.
-.PP
-The
-.B \-r
-.I rlife
-option specifies that the RENEWABLE option should be requested for the
-ticket, and specifies the desired total lifetime of the ticket. To renew
-the ticket, the 
+request forwardable tickets.
+.TP
+\fB\-r\fP \fIrenewable_life\fP
+requests renewable tickets, with a total lifetime of
+.IR renewable_life .
+The duration is in the same format as the
+.B \-l
+option, with the same delimiters.
+.TP
 .B \-R
-option is used. Note that you must renew the ticket before it has
-expired. 
-.PP
-The
-.B \-c
-option can be used to specify an alternate credentials cache; if this
-option is not used, the default cache is used.  Any contents of the
-cache are destroyed by
-.IR kinit .
-.PP
-The
-.B \-s
-option can be used to specify an alternate service name to use when
-getting initial tickets.
-.PP
-The default credentials cache may vary between systems; however, if the
+requests renewal of the ticket-granting ticket.  Note that an expired
+ticket cannot be renewed, even if the ticket is still within its
+renewable life.
+.TP
+\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]
+requests a host ticket, obtained from a key in the local host's
+.I keytab
+file.  The name and location of the keytab file may be specified with
+the
+.B \-t
+.I keytab_file
+option; otherwise the default name and location will be used.
+.TP
+\fB\-c\fP \fIcache_name\fP
+use
+.I cache_name
+as the credentials (ticket) cache name and location; if this option is
+not used, the default cache name and location are used.
+.sp
+The default credentials cache may vary between systems.  If the
 .B KRB5CCNAME
 environment variable is set, its value is used to name the default
-ticket cache.
+ticket cache.  Any existing contents of the cache are destroyed by
+.IR kinit .
+.TP
+\fB\-S\fP \fIservice_name\fP
+specify an alternate service name to use when
+getting initial tickets.
+.SH ENVIRONMENT
+.B Kinit
+uses the following environment variable:
+.TP "\w'.SM KRB5CCNAME\ \ 'u"
+.SM KRB5CCNAME
+Location of the credentials (ticket) cache.
 .SH FILES
-.TP 2i
+.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
 /tmp/krb5cc_[uid]
-as the normal default credentials cache ([uid] is the decimal UID of the user).
+default credentials cache ([uid] is the decimal UID of the user).
+.TP
+/etc/v5srvtab
+default location for the local host's
+.B keytab
+file.
 .SH SEE ALSO
 klist(1), kdestroy(1), krb5(3)
-.SH BUGS