its vs it\'s etc. From Bjorn Sandell

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 20:04:50 +00:00
parent 21948a6f08
commit 5fed824f37
46 changed files with 74 additions and 74 deletions
--- a/appl/dceutils/k5dcecon.c
+++ b/appl/dceutils/k5dcecon.c
@@ -25,7 +25,7 @@
 * this program may not be set. 
 * 
 * The calling program can then use the name of the cache
- * to set the KRB5CCNAME and PAG for its self and its children. 
+ * to set the KRB5CCNAME and PAG for itself and its children. 
 *
 * If no ticket was passed, an attemplt to join an existing
 * PAG will be made. 
@@ -171,7 +171,7 @@ int k5dcesession(luid, pname, tgt, ppag, tflags)
      strcpy(ccname+38,direntp->d_name);
      if (!k5dcematch(luid, pname, ccname, &size, &xtgt))  {

-        /* its one of our caches, see if it is better  
+        /* it's one of our caches, see if it is better  
         * i.e. the endtime is farther, and if the endtimes
         * are the same, take the larger, as he who has the 
         * most tickets wins.
--- a/appl/telnet/libtelnet/kerberos.c
+++ b/appl/telnet/libtelnet/kerberos.c
@@ -541,7 +541,7 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 {
    int i;

-    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
    buflen -= 1;

    switch(data[3]) {
--- a/appl/telnet/libtelnet/kerberos5.c
+++ b/appl/telnet/libtelnet/kerberos5.c
@@ -726,7 +726,7 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 {
    int i;

-    buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+    buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
    buflen -= 1;

    switch(data[3]) {
--- a/appl/telnet/libtelnet/krb4encpwd.c
+++ b/appl/telnet/libtelnet/krb4encpwd.c
@@ -354,7 +354,7 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
 {
 	int i;

-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
 	buflen -= 1;

 	switch(data[3]) {
--- a/appl/telnet/libtelnet/rsaencpwd.c
+++ b/appl/telnet/libtelnet/rsaencpwd.c
@@ -409,7 +409,7 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
 {
 	int i;

-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
 	buflen -= 1;

 	switch(data[3]) {
--- a/appl/telnet/libtelnet/spx.c
+++ b/appl/telnet/libtelnet/spx.c
@@ -532,7 +532,7 @@ spx_printsub(data, cnt, buf, buflen)
 {
 	int i;

-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
+	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
 	buflen -= 1;

 	switch(data[3]) {
--- a/doc/apps.texi
+++ b/doc/apps.texi
@@ -202,7 +202,7 @@ KeyFile.
@subsection What is 2b ?

 2b is the name of the proposal that was implemented to give basic
-Kerberos 5 support to AFS in rxkad. Its not real Kerberos 5 support
+Kerberos 5 support to AFS in rxkad. It's not real Kerberos 5 support
 since it still uses fcrypt for data encryption and not Kerberos
 encryption types.

--- a/doc/hx509.texi
+++ b/doc/hx509.texi
@@ -285,7 +285,7 @@ depth.

@item Proxy certificates

-Remember that End Entity can't issue certificates by them own, its not
+Remember that End Entity can't issue certificates by them own, it's not
 really true. There there is an extension called proxy certificates,
 defined in RFC3820, that allows certificates to be issued by end entity
 certificates. The service that receives the proxy certificates must have
@@ -323,19 +323,19 @@ evaluates the policy.
@node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top
@chapter Setting up a CA

-Do not let this chapter scare you off, its just to give you an idea how
+Do not let this chapter scare you off, it's just to give you an idea how
 to complicated setting up a CA can be. If you are just playing around,
 skip all this and go to the next chapter, @pxref{Creating a CA
 certificate}.

 Creating a CA certificate should be more the just creating a
-certificate, there is the policy of the CA. If its just you and your
+certificate, there is the policy of the CA. If it's just you and your
 friend that is playing around then it probably doesn't matter what the
 policy is. But then it comes to trust in an organisation, it will
 probably matter more whom your users and sysadmins will find it
 acceptable to trust.

-At the same time, try to keep thing simple, its not very hard to run a
+At the same time, try to keep thing simple, it's not very hard to run a
 Certificate authority and the process to get new certificates should
 simple.

@@ -599,7 +599,7 @@ The certificate may also contain a jabber identifier (JID) that, if the
 receiver allows it, authorises the server or client to use that JID.

 When storing a JID inside the certificate, both for server and client,
-its stored inside a UTF8String within an otherName entity inside the
+it's stored inside a UTF8String within an otherName entity inside the
 subjectAltName, using the OID id-on-xmppAddr (1.3.6.1.5.5.7.8.5).

 To read more about the requirements, see RFC3920, Extensible Messaging
@@ -620,7 +620,7 @@ hxtool issue-certificate \
@chapter CMS signing and encryption

 CMS is the Cryptographic Message System that among other, is used by
-S/MIME (secure email) and Kerberos PK-INIT. Its an extended version of
+S/MIME (secure email) and Kerberos PK-INIT. It's an extended version of
 the RSA, Inc standard PKCS7.

@node CMS background, , CMS signing and encryption, Top
--- a/doc/programming.texi
+++ b/doc/programming.texi
@@ -97,7 +97,7 @@ found'', the user might back ``failed to find
 host/host.example.com@@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab
 (des-cbc-crc)''.  This improves the chance that the user find the
 cause of the error so you should use the customised error message
-whenever its available.
+whenever it's available.

 See also manual page for @manpage{krb5_get_error_string,3} and
@manpage{krb5_get_err_text,3}.
@@ -141,7 +141,7 @@ reason @code{err()} is used when @code{krb5_init_context()} fails.
 First the client needs to call @code{krb5_init_context} to initialise
 the Kerberos 5 library. This is only needed once per thread
 in the program. If the function returns a non-zero value it indicates
-that either the Kerberos implementation is failing or its disabled on
+that either the Kerberos implementation is failing or it's disabled on
 this host.

@example
--- a/doc/setup.texi
+++ b/doc/setup.texi
@@ -668,7 +668,7 @@ default encryption will be used.

@item @code{afs3-salt}

-@code{afs3-salt} is the salt that is used with Transarc kaserver. Its
+@code{afs3-salt} is the salt that is used with Transarc kaserver. It's
 the cell name appended to the password.

@end itemize
@@ -885,7 +885,7 @@ local transport. (A patch to support SASL EXTERNAL authentication is
 necessary in order to use OpenLDAP 2.1.x.)

@item
-Add the hdb schema to the LDAP server, its included in the source-tree
+Add the hdb schema to the LDAP server, it's included in the source-tree
 in @file{lib/hdb/hdb.schema}. Example from slapd.conf:

@example
@@ -915,7 +915,7 @@ Another option is to create an admins group and add the dn to that
 group.

 Since Heimdal talks to the LDAP server over a UNIX domain socket, and
-uses external sasl authentication, its not possible to require
+uses external sasl authentication, it's not possible to require
 security layer quality (ssf in cyrus-sasl lingo). So that requirement
 has to be turned off in OpenLDAP @command{slapd} configuration file
@file{slapd.conf}.
@@ -1080,8 +1080,8 @@ PK-INIT is levering the existing PKI infrastructure to use
 certificates to get the initial ticket, that is usually the krbtgt.

 To use PK-INIT you must first have a PKI, so if you don't have one,
-now its time to create it. Note that you should read the whole chapter
-of the document to see the requirements on the CA sortware.
+it is time to create it. Note that you should read the whole chapter
+of the document to see the requirements on the CA software.

 There needs to exist a mapping between the certificate and what
 principals that certificate is allowed to use. There are several ways
@@ -1107,7 +1107,7 @@ name of the TGS of the target realm.

 Both of these two requirements are not required by the standard to be
 checked by the client if it have external information what the
-certificate the KDC is supposed to be used. So its in the interst of
+certificate the KDC is supposed to be used. So it's in the interest of
 minimum amount of configuration on the clients they should be included.

 Remember that if the client would accept any certificate as the KDC's
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -418,8 +418,8 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
 	*ent->salttype = key->salt->type;
 #else
 	/* 
-	 * We shouldn't sent salttype since its incompatible with the
-	 * specification and its break windows clients.  The afs
+	 * We shouldn't sent salttype since it is incompatible with the
+	 * specification and it breaks windows clients.  The afs
 	 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
 	 * implemented in Heimdal 0.7 and later.
 	 */
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -822,7 +822,7 @@ tgs_make_reply(krb5_context context,
    if(rspac->length) {
 	/*
 	 * No not need to filter out the any PAC from the
-	 * auth_data since its signed by the KDC.
+	 * auth_data since it's signed by the KDC.
 	 */
 	ret = _kdc_tkt_add_if_relevant_ad(context, &et,
 					  KRB5_AUTHDATA_WIN2K_PAC,
@@ -1439,8 +1439,8 @@ server_lookup:
    }
    
    /*
-     * Check that service is in the same realm as the krbtgt. If its
-     * not the same, its someone that is using a uni-directional trust
+     * Check that service is in the same realm as the krbtgt. If it's
+     * not the same, it's someone that is using a uni-directional trust
     * backward.
     */
    
--- a/kuser/kdestroy.1
+++ b/kuser/kdestroy.1
@@ -57,7 +57,7 @@ Supported options:
 .It Fl credential= Ns Ar principal
 remove
 .Fa principal
-from the credential cache if its exists.
+from the credential cache if it exists.
 .It Fl c Ar cachefile
 .It Fl cache= Ns Ar cachefile
 The cache file to remove.
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -260,7 +260,7 @@ renew_validate(krb5_context context,

    if (renew) {
 	/* 
-	 * no need to check the error here, its only to be 
+	 * no need to check the error here, it's only to be 
 	 * friendly to the user
 	 */
 	krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out);
--- a/lib/asn1/canthandle.asn1
+++ b/lib/asn1/canthandle.asn1
@@ -19,7 +19,7 @@ Foo ::= SEQUENCE {
        kaka3 [2] IMPLICIT Kaka3 OPTIONAL
 }

-- Don't code kaka if its 1
+-- Don't code kaka if it's 1
 -- Workaround is to use OPTIONAL and check for in the encoder stubs

 Bar ::= SEQUENCE {
--- a/lib/gssapi/gssapi.3
+++ b/lib/gssapi/gssapi.3
@@ -154,7 +154,7 @@ There is a work around for this problem, but not all implementation
 support it.
 .Pp
 Heimdal defaults to correct SPNEGO when the the kerberos
-implementation uses CFX, or when its configured by the user.
+implementation uses CFX, or when it is configured by the user.
 To turn on compatibility with peers, use option
 .Nm [gssapi]
 .Ar require_mechlist_mic .
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -449,7 +449,7 @@ init_auth
     * If the credential doesn't have ok-as-delegate, check what local
     * policy say about ok-as-delegate, default is FALSE that makes
     * code ignore the KDC setting and follow what the application
-     * requested. If its TRUE, strip of the GSS_C_DELEG_FLAG if the
+     * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the
     * KDC doesn't set ok-as-delegate.
     */
    if (!cred->flags.b.ok_as_delegate) {
--- a/lib/gssapi/mech/gss_accept_sec_context.c
+++ b/lib/gssapi/mech/gss_accept_sec_context.c
@@ -38,7 +38,7 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid)
 	
 	/*
 	 * Token must start with [APPLICATION 0] SEQUENCE.
-	 * But if it doesn't assume its DCE-STYLE Kerberos!
+	 * But if it doesn't assume it is DCE-STYLE Kerberos!
 	 */
 	if (len == 0)
 		return (GSS_S_DEFECTIVE_TOKEN);
@@ -102,7 +102,7 @@ choose_mech(const gss_buffer_t input, gss_OID mech_oid)
 	OM_uint32 status;

 	/*
-	 * First try to parse the gssapi token header and see if its a
+	 * First try to parse the gssapi token header and see if it's a
 	 * correct header, use that in the first hand.
 	 */

--- a/lib/hcrypto/DESperate.txt
+++ b/lib/hcrypto/DESperate.txt
@@ -30,7 +30,7 @@ second.
 01110000 01110000 01110000 01110000 01111000 01111000 01111000 01111000 
 00001111 00001111 00001111 00001111 00000111 00000111 00000111 00000111 

-The pattern is getting more obvious if its printed out where the bits
+The pattern is getting more obvious if it's printed out where the bits
 are coming from.

 8 16 24  -  -  -  -  - 
@@ -64,7 +64,7 @@ gen_pattern("pc1_d_4", 15, [ 57, 53, 45, 37 ], 32, 0x1000000);
 PC2 transformations
 ===================

-PC2 is also a table lookup, since its a 24 bit field, I use 4 6-bit
+PC2 is also a table lookup, since it's a 24 bit field, I use 4 6-bit
 lookup tables. Printing the reverse of the PC2 table reveal that some
 of the bits are not used, namely (9, 18, 22, 25) from c and (7, 10,
 15, 26) from d.
--- a/lib/hdb/hdb-ldap.c
+++ b/lib/hdb/hdb-ldap.c
@@ -417,7 +417,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,

 	/*
 	 * If this is just a "account" entry and no other objectclass
-	 * is hanging on this entry, its really a new entry.
+	 * is hanging on this entry, it's really a new entry.
 	 */
 	if (is_samba_account == FALSE && is_heimdal_principal == FALSE && 
 	    is_heimdal_entry == FALSE) {
@@ -671,7 +671,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
 	int add_krb5EncryptionType = 0;

 	/* 
-	 * Only add/modify krb5EncryptionType if its a new heimdal
+	 * Only add/modify krb5EncryptionType if it's a new heimdal
 	 * entry or krb5EncryptionType already exists on the entry.
 	 */

--- a/lib/hdb/keys.c
+++ b/lib/hdb/keys.c
@@ -244,7 +244,7 @@ add_enctype_to_key_set(Key **key_set, size_t *nkeyset,
 /*
 * Generate the `key_set' from the [kadmin]default_keys statement. If
 * `no_salt' is set, salt is not important (and will not be set) since
- * its random keys that is going to be created.
+ * it's random keys that is going to be created.
 */

 krb5_error_code
--- a/lib/hx509/TODO
+++ b/lib/hx509/TODO
@@ -55,7 +55,7 @@ certificate request

 x509 issues:

- OtherName is left unspecified, but its used by other
+ OtherName is left unspecified, but it's used by other
 specs. creating this hole where a application/CA can't specify
 policy for SubjectAltName what covers whole space. For example, a
 CA is trusted to provide authentication but not authorization.
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -695,7 +695,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject,
    memset(&si, 0, sizeof(si));

    /*
-     * Try to find AuthorityKeyIdentifier, if its not present in the
+     * Try to find AuthorityKeyIdentifier, if it's not present in the
     * subject certificate nor the parent.
     */

@@ -789,7 +789,7 @@ certificate_is_self_signed(const Certificate *cert)
 }

 /*
- * The subjectName is "null" when its empty set of relative DBs.
+ * The subjectName is "null" when it's empty set of relative DBs.
 */

 static int
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -1045,7 +1045,7 @@ hx509_cms_create_signed_1(hx509_context context,
    }

    /*
-     * If its not pkcs7-data send signedAttributes
+     * If it isn't pkcs7-data send signedAttributes
     */

    if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) {
--- a/lib/hx509/data/static-file
+++ b/lib/hx509/data/static-file
@@ -1,4 +1,4 @@
-This is a static file don't change the content, its used in the test
+This is a static file don't change the content, it is used in the test

 #!/bin/sh
 #
--- a/lib/hx509/ks_p11.c
+++ b/lib/hx509/ks_p11.c
@@ -403,7 +403,7 @@ p11_get_session(hx509_context context,
     * prompter or known to work pin code.
     *
     * This code is very conversative and only uses the prompter in
-     * the hx509_lock, the reason is that its bad to try many
+     * the hx509_lock, the reason is that it's bad to try many
     * passwords on a pkcs11 token, it might lock up and have to be
     * unlocked by a administrator.
     *
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -151,7 +151,7 @@ verify_ocsp(hx509_context context,

    /*
     * If signer certificate isn't the CA certificate, lets check the
-     * its the CA that signed the signer certificate and the OCSP EKU
+     * it is the CA that signed the signer certificate and the OCSP EKU
     * is set.
     */
    if (hx509_cert_cmp(signer, parent) != 0) {
@@ -415,7 +415,7 @@ verify_crl(hx509_context context,
    _hx509_query_clear(&q);
 	
    /*
-     * If its the signer have CRLSIGN bit set, use that as the signer
+     * If it's the signer have CRLSIGN bit set, use that as the signer
     * cert for the certificate, otherwise, search for a certificate.
     */
    if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) {
@@ -1016,8 +1016,8 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
 }

 /*
- * Verify that the `cert' is part of the OCSP reply and its not
- * expired. Doesn't verify signature the OCSP reply or its done by a
+ * Verify that the `cert' is part of the OCSP reply and it's not
+ * expired. Doesn't verify signature the OCSP reply or it's done by a
 * authorized sender, that is assumed to be already done.
 */

--- a/lib/kadm5/log.c
+++ b/lib/kadm5/log.c
@@ -836,7 +836,7 @@ kadm5_log_goto_end (int fd)
 * 
 * The pointer in `sp<73> is assumed to be at the top of the entry before
 * previous entry. On success, the `sp<73> pointer is set to data portion
- * of previous entry. In case of error, its not changed at all.
+ * of previous entry. In case of error, it's not changed at all.
 */

 kadm5_ret_t
--- a/lib/krb5/cache.c
+++ b/lib/krb5/cache.c
@@ -198,7 +198,7 @@ krb5_cc_gen_new(krb5_context context,
 * the library chooses the default credential cache type. The supplied
 * `hint' (that can be NULL) is a string that the credential cache
 * type can use to base the name of the credential on, this is to make
- * its easier for the user to differentiate the credentials.
+ * it easier for the user to differentiate the credentials.
 *
 * @return Returns 0 or an error code.
 *
--- a/lib/krb5/context.c
+++ b/lib/krb5/context.c
@@ -361,7 +361,7 @@ add_file(char ***pfilenames, int *len, char *file)
 }

 /*
- *  `pq' isn't free, its up the the caller
+ *  `pq' isn't free, it's up the the caller
 */

 krb5_error_code KRB5_LIB_FUNCTION
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -184,7 +184,7 @@ krb5_DES_schedule(krb5_context context,
 #ifdef ENABLE_AFS_STRING_TO_KEY

 /* This defines the Andrew string_to_key function.  It accepts a password
- * string as input and converts its via a one-way encryption algorithm to a DES
+ * string as input and converts it via a one-way encryption algorithm to a DES
 * encryption key.  It is compatible with the original Andrew authentication
 * service password database.
 */
--- a/lib/krb5/krb5_aname_to_localname.3
+++ b/lib/krb5/krb5_aname_to_localname.3
@@ -51,7 +51,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
 .Sh DESCRIPTION
 This function takes a principal
 .Fa name ,
-verifies its in the local realm (using
+verifies that it is in the local realm (using
 .Fn krb5_get_default_realms )
 and then returns the local name of the principal.
 .Pp
--- a/lib/krb5/krb5_ccache.3
+++ b/lib/krb5/krb5_ccache.3
@@ -302,7 +302,7 @@ The supplied
 (that can be
 .Dv NULL )
 is a string that the credential cache type can use to base the name of
-the credential on, this is to make its easier for the user to
+the credential on, this is to make it easier for the user to
 differentiate the credentials.
 The returned credential cache
 .Fa id
@@ -421,7 +421,7 @@ to
 .Fn krb5_cc_clear_mcred
 clears the
 .Fa mcreds
-argument so its reset and can be used with
+argument so it is reset and can be used with
 .Fa krb5_cc_retrieve_cred .
 .Pp
 .Fn krb5_cc_retrieve_cred ,
--- a/lib/krb5/krb5_encrypt.3
+++ b/lib/krb5/krb5_encrypt.3
@@ -197,7 +197,7 @@ If the encryption type supports using derived keys,
 .Fa usage
 should be the appropriate key-usage.
 .Fa ivec
-is a pointer to a initial IV, its modified to the end IV at the end of
+is a pointer to a initial IV, it is modified to the end IV at the end of
 the round.
 Ivec should be the size of 
 If
--- a/lib/krb5/krb5_get_credentials.3
+++ b/lib/krb5/krb5_get_credentials.3
@@ -132,7 +132,7 @@ This option doesn't store the resulting user to user credential in
 the
 .Fa ccache .
 .It KRB5_GC_EXPIRED_OK
-returns the credential even if its expired, default behavior is trying
+returns the credential even if it is expired, default behavior is trying
 to refetch the credential from the KDC.
 .El
 .Pp
--- a/lib/krb5/krb5_get_creds.3
+++ b/lib/krb5/krb5_get_creds.3
@@ -147,7 +147,7 @@ This options doesn't store the resulting user to user credential in
 the
 .Fa ccache .
 .It KRB5_GC_EXPIRED_OK
-returns the credential even if its expired, default behavior is trying
+returns the credential even if it is expired, default behavior is trying
 to refetch the credential from the KDC.
 .It KRB5_GC_NO_STORE
 Do not store the resulting credentials in the
--- a/lib/krb5/krb5_getportbyname.3
+++ b/lib/krb5/krb5_getportbyname.3
@@ -54,7 +54,7 @@ gets the port number for
 .Fa service /
 .Fa proto
 pair from the global service table for and returns it in network order.
-If its not found in the global table, the
+If it isn't found in the global table, the
 .Fa default_port
 (given in host order)
 is returned.
--- a/lib/krb5/krb5_keytab.3
+++ b/lib/krb5/krb5_keytab.3
@@ -475,7 +475,7 @@ Heimdal 0.7.  The behavior is possible to change in with the option
 .Li [libdefaults]fcc-mit-ticketflags .
 Heimdal 0.7 also code to detech that ticket flags was in the wrong
 order and correct them.  This matters when doing delegation in GSS-API
-because the client code looks at the flag to determin if its possible
+because the client code looks at the flag to determin if it is possible
 to do delegation if the user requested it.
 .Sh SEE ALSO
 .Xr krb5.conf 5 ,
--- a/lib/krb5/krb5_verify_init_creds.3
+++ b/lib/krb5/krb5_verify_init_creds.3
@@ -93,7 +93,7 @@ cleans the the structure, must be used before trying to pass it in to
 .Fn krb5_verify_init_creds_opt_set_ap_req_nofail
 controls controls the behavior if
 .Fa ap_req_server
-doesn't exists in the local keytab or in the KDC's database, if its
+doesn't exists in the local keytab or in the KDC's database, if it's
 true, the error will be ignored.  Note that this use is possible
 insecure.
 .Sh SEE ALSO
--- a/lib/krb5/krb5_verify_user.3
+++ b/lib/krb5/krb5_verify_user.3
@@ -139,7 +139,7 @@ structure wont be exported.
 resets all opt to default values.
 .Pp
 None of the krb5_verify_opt_set function makes a copy of the data
-structure that they are called with. Its up the caller to free them
+structure that they are called with. It's up the caller to free them
 after the
 .Fn krb5_verify_user_opt
 is called.
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -137,7 +137,7 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
    krb5_error_code ret;
 	    
    /* 
-     * Windows 2000 and 2003 uses this inside their TGT so its normaly
+     * Windows 2000 and 2003 uses this inside their TGT so it's normaly
     * not seen by others, however, samba4 joined with a Windows AD as
     * a Domain Controller gets exposed to this.
     */
--- a/lib/krb5/store.c
+++ b/lib/krb5/store.c
@@ -838,8 +838,8 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds)
    if(ret) goto cleanup;
    /*
     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, its either a
-     * new ticket flag (and this code need to be removed), or its a
+     * any of the higher bits are set in the input data, it's either a
+     * new ticket flag (and this code need to be removed), or it's a
     * MIT cache (or new Heimdal cache), lets change it to our current
     * format.
     */
@@ -993,8 +993,8 @@ krb5_ret_creds_tag(krb5_storage *sp,
    if(ret) goto cleanup;
    /*
     * Runtime detect the what is the higher bits of the bitfield. If
-     * any of the higher bits are set in the input data, its either a
-     * new ticket flag (and this code need to be removed), or its a
+     * any of the higher bits are set in the input data, it's either a
+     * new ticket flag (and this code need to be removed), or it's a
     * MIT cache (or new Heimdal cache), lets change it to our current
     * format.
     */
--- a/lib/krb5/test_cc.c
+++ b/lib/krb5/test_cc.c
@@ -82,8 +82,8 @@ test_default_name(krb5_context context)
 }

 /*
- * Check that a closed cc still keeps it data and that its no longer
- * there when its destroyed.
+ * Check that a closed cc still keeps it data and that it's no longer
+ * there when it's destroyed.
 */

 static void
--- a/lib/krb5/test_princ.c
+++ b/lib/krb5/test_princ.c
@@ -36,8 +36,8 @@
 RCSID("$Id$");

 /*
- * Check that a closed cc still keeps it data and that its no longer
- * there when its destroyed.
+ * Check that a closed cc still keeps it data and that it's no longer
+ * there when it's destroyed.
 */

 static void
--- a/lib/krb5/v4_glue.c
+++ b/lib/krb5/v4_glue.c
@@ -599,7 +599,7 @@ _krb5_krb_cr_err_reply(krb5_context context,
    RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
    RCHECK(ret, put_nir(sp, name, inst, realm), error);
    RCHECK(ret, krb5_store_int32(sp, time_ws), error);
-    /* If its a Kerberos 4 error-code, remove the et BASE */
+    /* If it is a Kerberos 4 error-code, remove the et BASE */
    if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
 	e -= ERROR_TABLE_BASE_krb;
    RCHECK(ret, krb5_store_int32(sp, e), error);
--- a/lib/roken/getcap.c
+++ b/lib/roken/getcap.c
@@ -70,7 +70,7 @@ static char	*toprec;	/* Additional record specified by cgetset() */
 static int	 gottoprec;	/* Flag indicating retrieval of toprecord */

 #if 0 /*
-       * Don't use db support unless its build into libc but we dont
+       * Don't use db support unless it's build into libc but we don't
       * check for that now, so just disable the code.
       */
 #if defined(HAVE_DBOPEN) && defined(HAVE_DB_H)