. means new line

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11885 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/krb5.conf.5

@@ -44,8 +44,10 @@ file specifies several configuration parameters for the Kerberos 5
 library, as well as for some programs.
 .Pp
 The file consists of one or more sections, containing a number of
-bindings. The value of each binding can be either a string or a list
+bindings.
-of other bindings. The grammar looks like:
+The value of each binding can be either a string or a list of other
+bindings.
+The grammar looks like:
 .Bd -literal -offset indent
 file:
 	/* empty */
@@ -82,8 +84,8 @@ notation.
 .It boolean
 values can be either yes/true or no/false.
 .It time
-values can be a list of year, month, day, hour, min, second. Example:
+values can be a list of year, month, day, hour, min, second.
-1 month 2 days 30 min.
+Example: 1 month 2 days 30 min.
 .It etypes
 valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
 des3-cbc-sha1.
@@ -96,7 +98,8 @@ Currently recognised sections and bindings are:
 .It Li [appdefaults]
 Specifies the default values to be used for Kerberos applications.
 You can specify defaults per application, realm, or a combination of
-these.  The preference order is:
+these.
+The preference order is:
 .Bl -enum -compact
 .It
 .Va application Va realm Va option
@@ -131,7 +134,8 @@ The default is the result of
 .Fn krb5_get_host_realm "local hostname" .
 .It Li clockskew = Va time
 Maximum time differential (in seconds) allowed when comparing
-times. Default is 300 seconds (five minutes).
+times.
+Default is 300 seconds (five minutes).
 .It Li kdc_timeout = Va time
 Maximum time to wait for a reply from the kdc, default is 3 seconds.
 .It v4_name_convert
@@ -185,12 +189,15 @@ When obtaining initial credentials, make the credentials proxiable.
 This option is also valid in the [realms] section.
 .It Li verify_ap_req_nofail = Va boolean
 If enabled, failure to verify credentials against a local key is a
-fatal error. The application has to be able to read the corresponding
+fatal error.
-service key for this to work. Some applications, like
+The application has to be able to read the corresponding service key
+for this to work.
+Some applications, like
 .Xr su 8 ,
 enable this option unconditionally.
 .It Li warn_pwexpire = Va time
-How soon to warn for expiring password. Default is seven days.
+How soon to warn for expiring password.
+Default is seven days.
 .It Li http_proxy = Va proxy-spec
 A HTTP-proxy to use when talking to the KDC via HTTP.
 .It Li dns_proxy = Va proxy-spec
@@ -218,8 +225,8 @@ and other programs.
 This option is also valid in the [realms] section.
 .El
 .It Li [domain_realm]
-This is a list of mappings from DNS domain to Kerberos realm. Each
+This is a list of mappings from DNS domain to Kerberos realm.
-binding in this section looks like:
+Each binding in this section looks like:
 .Pp
 .Dl domain = realm
 .Pp
@@ -234,7 +241,8 @@ of the `dns_lookup_realm' option).
 .It Va REALM Li = {
 .Bl -tag -width "xxx" -offset indent
 .It Li kdc = Va [service/]host[:port]
-Specifies a list of kdcs for this realm. If the optional
+Specifies a list of kdcs for this realm.
+If the optional
 .Va port
 is absent, the
 default value for the
@@ -248,7 +256,8 @@ The kdcs will be used in the order that they are specified.
 The optional
 .Va service
 specifies over what medium the kdc should be
-contacted. Possible services are
+contacted.
+Possible services are
 .Dq udp ,
 .Dq tcp , 
 and
@@ -267,8 +276,8 @@ Points to the server where all the password changes are performed.
 If there is no such entry, the kpasswd port on the admin_server host
 will be tried.
 .It Li krb524_server = Va host[:port]
-Points to the server that does 524 conversions.  If it is not
+Points to the server that does 524 conversions.
-mentioned, the krb524 port on the kdcs will be tried.
+If it is not mentioned, the krb524 port on the kdcs will be tried.
 .It Li v4_instance_convert
 .It Li v4_name_convert
 .It Li default_domain
@@ -284,7 +293,8 @@ Specifies that
 .Va entity
 should use the specified
 .Li destination
-for logging. See the
+for logging.
+See the
 .Xr krb5_openlog 3
 manual page for a list of defined destinations.
 .El
@@ -304,8 +314,8 @@ will be used.
 .It acl_file Li = PA FILENAME
 Use this file for the ACL list of this database.
 .It log_file Li = Pa FILENAME
-Use this file as the log of changes performed to the database.  This
+Use this file as the log of changes performed to the database.
-file is used by
+This file is used by
 .Nm ipropd-master
 for propagating changes to slaves.
 .El
@@ -313,8 +323,8 @@ for propagating changes to slaves.
 .It max-request = Va SIZE
 Maximum size of a kdc request.
 .It require-preauth = Va BOOL
-If set pre-authentication is required. Since krb4 requests are not
+If set pre-authentication is required.
-pre-authenticated they will be rejected.
+Since krb4 requests are not pre-authenticated they will be rejected.
 .It ports = Va "list of ports"
 List of ports the kdc should listen to.
 .It addresses = Va "list of interfaces"
@@ -365,7 +375,9 @@ syntax of this if something like:
 .Pp
 If
 .Ar etype
-is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keytypes are:
+is omitted it means everything, and if string is omitted is means the
+default string (for that principal).
+Additional special values of keytypes are:
 .Bl -tag -width "xxx" -offset indent
 .It v5
 The kerberos 5 salt
@@ -418,9 +430,10 @@ To help overcome this problem, there is a program
 .Nm verify_krb5_conf
 that reads
 .Nm
-and tries to emit useful diagnostics from parsing errors.  Note that
+and tries to emit useful diagnostics from parsing errors.
-this program does not have any way of knowing what options are
+Note that this program does not have any way of knowing what options
-actually used and thus cannot warn about unknown or misspelled ones.
+are actually used and thus cannot warn about unknown or misspelled
+ones.
 .Sh SEE ALSO
 .Xr kinit 1 ,
 .Xr krb5_425_conv_principal 3 ,