diff --git a/kuser/kinit.1 b/kuser/kinit.1
index 344f3ed61..5e19146ab 100644
--- a/kuser/kinit.1
+++ b/kuser/kinit.1
@@ -19,20 +19,20 @@ acquire initial tickets
 .Oo Fl t Ar keytabname \*(Ba Xo
 .Fl -keytab= Ns Ar keytabname Oc
 .Xc
-.Oo Fl l Ar seconds \*(Ba Xo
-.Fl -lifetime= Ns Ar seconds Oc
+.Oo Fl l Ar time \*(Ba Xo
+.Fl -lifetime= Ns Ar time Oc
 .Xc
 .Op Fl p | Fl -proxiable
 .Op Fl R | Fl -renew
 .Op Fl -renewable
-.Oo Fl r Ar seconds \*(Ba Xo
-.Fl -renewable-life= Ns Ar seconds Oc
+.Oo Fl r Ar time \*(Ba Xo
+.Fl -renewable-life= Ns Ar time Oc
 .Xc
 .Oo Fl S Ar principal \*(Ba Xo
 .Fl -server= Ns Ar principal Oc
 .Xc
-.Oo Fl s Ar seconds \*(Ba Xo
-.Fl -start-time= Ns Ar seconds Oc
+.Oo Fl s Ar time \*(Ba Xo
+.Fl -start-time= Ns Ar time Oc
 .Xc
 .Op Fl k | Fl -use-keytab
 .Op Fl v | Fl -validate
@@ -49,10 +49,10 @@ acquire initial tickets
 .Nm
 is used to authenticate to the kerberos server as
 .Ar principal ,
-or if none is given, a system generated default, and acquire a ticket
-granting ticket that can later be used to obtain tickets for other
-services.
-Supported options:
+or if none is given, a system generated default (typically your login
+name at the default realm), and acquire a ticket granting ticket that
+can later be used to obtain tickets for other services.  Supported
+options:
 .Bl -tag -width Ds
 .It Xo
 .Fl c Ar cachename
@@ -72,10 +72,12 @@ Get ticket that can be forwarded to another host.
 Don't ask for a password, but instead get the key from the specified
 keytab.
 .It Xo 
-.Fl l Ar seconds Ns , 
-.Fl -lifetime= Ns Ar seconds
+.Fl l Ar time Ns , 
+.Fl -lifetime= Ns Ar time
 .Xc
-Specifies the lifetime of the ticket.
+Specifies the lifetime of the ticket. The argument can either be in
+seconds, or a more human readable string like
+.Sq 1h .
 .It Xo
 .Fl p Ns ,
 .Fl -proxiable
@@ -93,8 +95,8 @@ The same as
 .Fl -renewable-life ,
 with an infinite time.
 .It Xo
-.Fl r Ar seconds Ns ,
-.Fl -renewable-life= Ns Ar seconds
+.Fl r Ar time Ns ,
+.Fl -renewable-life= Ns Ar time
 .Xc
 The max renewable ticket life.
 .It Xo
@@ -103,10 +105,14 @@ The max renewable ticket life.
 .Xc
 Get a ticket for a service other than krbtgt/LOCAL.REALM.
 .It Xo
-.Fl s Ar seconds Ns ,
-.Fl -start-time= Ns Ar seconds
+.Fl s Ar time Ns ,
+.Fl -start-time= Ns Ar time
 .Xc
-Start time of ticket, if other than the current time.
+Obtain a ticket that starts to be valid
+.Ar time
+(which can really be a generic time specification, like
+.Sq 1h )
+seconds into the future.
 .It Xo
 .Fl k Ns ,
 .Fl -use-keytab
@@ -136,8 +142,10 @@ Create a credentials cache of version
 Request a ticket with no addresses.
 .It Xo
 .Fl -anonymous
-Request an anonymous ticket.
 .Xc
+Request an anonymous ticket (which means that the ticket will be
+issued to an anonymous principal, typically 
+.Dq anonymous@REALM).
 .El
 
 The following options are only available if
@@ -160,6 +168,17 @@ file.
 Gets AFS tickets, converts them to version 4 format, and stores them
 in the kernel. Only useful if you have AFS.
 .El
+.Pp
+The 
+.Ar forwardable ,
+.Ar proxiable ,
+.Ar ticket_life ,
+and
+.Ar renewable_life 
+options can be set to a default value from the
+.Dv appdefaults
+section in krb5.conf, see
+.Xr krb5_appdefault 3 .
 .Sh ENVIRONMENT
 .Bl -tag -width Ds
 .It Ev KRB5CCNAME
@@ -176,9 +195,10 @@ Specifies the Kerberos 4 ticket file to store version 4 tickets in.
 .\".Sh EXAMPLES
 .\".Sh DIAGNOSTICS
 .Sh SEE ALSO
-.Xr krb5.conf 5 ,
+.Xr kdestroy 1 ,
 .Xr klist 1 ,
-.Xr kdestroy 1
+.Xr krb5.conf 5 ,
+.Xr krb5_appdefault 3
 .\".Sh STANDARDS
 .\".Sh HISTORY
 .\".Sh AUTHORS