more, mostly whitespace, fixes from Thomas Klasusner

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11176 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/kerberos.8

@@ -9,14 +9,14 @@
 .Sh DESCRIPTION
 Kerberos is a network authentication system. Its purpose is to
 securely authenticate users and services in an insecure network
-environment. 
+environment.
 .Pp
 This is done with a Kerberos server acting as a trusted third party,
 keeping a database with secret keys for all users and services
 (collectively called
 .Em principals ) .
 .Pp
-Each principal belongs to exactly one 
+Each principal belongs to exactly one
 .Em realm ,
 which is the administrative domain in Kerberos. A realm usually
 corresponds to an organisation, and the realm should normally be
@@ -25,14 +25,14 @@ or more Kerberos servers.
 .Pp
 The authentication process involves exchange of
 .Sq tickets
-and 
-.Sq authenticators 
+and
+.Sq authenticators
 which together prove the principal's identity.
 .Pp
 When you login to the Kerberos system, either through the normal
 system login or with the
 .Xr kinit 1
-program, you acquire a 
+program, you acquire a
 .Em ticket granting ticket
 which allows you to get new tickets for other services, such as
 .Ic telnet

lib/krb5/krb5.conf.5

@@ -7,7 +7,7 @@
 .Nm /etc/krb5.conf
 .Nd configuration file for Kerberos 5
 .Sh DESCRIPTION
-The 
+The
 .Nm
 file specifies several configuration parameters for the Kerberos 5
 library, as well as for some programs.
@@ -78,7 +78,7 @@ Default renewable ticket lifetime.
 .It Li [libdefaults]
 .Bl -tag -width "xxx" -offset indent
 .It Li default_realm = Va REALM
-Default realm to use, this is also known as your 
+Default realm to use, this is also known as your
 .Dq local realm .
 The default is the result of
 .Fn krb5_get_host_realm "local hostname" .
@@ -89,7 +89,7 @@ times. Default is 300 seconds (five minutes).
 Maximum time to wait for a reply from the kdc, default is 3 seconds.
 .It v4_name_convert
 .It v4_instance_resolve
-These are decribed in the 
+These are decribed in the
 .Xr krb5_425_conv_principal  3
 manual page.
 .It Li capath = {
@@ -263,12 +263,12 @@ verify the addresses in the tickets used in tgs requests.
 .\" XXX
 .It allow-null-ticket-addresses = Va BOOL
 allow addresses-less tickets.
-.\" XXX 
+.\" XXX
 .It allow-anonymous = Va BOOL
 if the kdc is allowed to hand out anonymous tickets.
 .It encode_as_rep_as_tgs_rep = Va BOOL
 encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
-.\" XXX 
+.\" XXX
 .It kdc_warn_pwexpire = Va TIME
 the time before expiration that the user should be warned that her
 password is about to expire.
@@ -292,7 +292,7 @@ if
 .Ar etype
 is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
 .Bl -tag -width "xxx" -offset indent
-.It v5 
+.It v5
 The kerberos 5 salt
 .Va pw-salt
 .It v4

lib/krb5/krb5_425_conv_principal.3

@@ -42,11 +42,11 @@ is non-NULL, it will be called for each candidate principal.
 .Fa func
 should return true if the principal was
 .Dq good .
-To accomplish this, 
-.Fn krb5_425_conv_principal_ext 
+To accomplish this,
+.Fn krb5_425_conv_principal_ext
 will look up the name in
 .Pa krb5.conf .
-It first looks in the 
+It first looks in the
 .Li v4_name_convert/host
 subsection, which should contain a list of version 4 names whose
 instance should be treated as a hostname. This list can be specified
@@ -57,7 +57,7 @@ section), or in the
 section.  If the name is found the resulting name of the principal
 will be the value of this binding. The instance is then first looked
 up in
-.Li v4_instance_convert 
+.Li v4_instance_convert
 for the specified realm. If found the resulting value will be used as
 instance (this can be used for special cases), no further attempts
 will be made to find a conversion if this fails (with
@@ -74,7 +74,7 @@ specific realm.
 .Pp
 On the other hand, if the name is not found in a
 .Li host
-section, it is looked up in a 
+section, it is looked up in a
 .Li v4_name_convert/plain
 binding. If found here the name will be converted, but the instance
 will be untouched.
@@ -99,9 +99,9 @@ config file, so you can override these defaults.
 .Fn krb5_425_conv_principal
 will call
 .Fn krb5_425_conv_principal_ext
-with 
+with
 .Dv NULL
-as 
+as
 .Fa func ,
 and the value of
 .Li v4_instance_resolve
@@ -111,24 +111,24 @@ section) as
 .Fa resolve .
 .Pp
 .Fn krb5_524_conv_principal
-basically does the opposite of 
+basically does the opposite of
 .Fn krb5_425_conv_principal ,
 it just doesn't have to look up any names, but will instead truncate
 instances found to belong to a host principal. The
-.Fa name , 
-.Fa instance , 
-and 
+.Fa name ,
+.Fa instance ,
+and
 .Fa realm
 should be at least 40 characters long.
 .Sh EXAMPLES
 Since this is confusing an example is in place.
 .Pp
-Assume that we have the 
-.Dq foo.com , 
-and 
-.Dq bar.com  
-domains that have shared a single version 4 realm, FOO.COM. The version 4 
-.Pa krb.realms 
+Assume that we have the
+.Dq foo.com ,
+and
+.Dq bar.com
+domains that have shared a single version 4 realm, FOO.COM. The version 4
+.Pa krb.realms
 file looked like:
 .Bd -literal -offset indent
 foo.com		FOO.COM
@@ -167,19 +167,19 @@ ftp.other	\(-> ftp/other.foo.com
 other.a-host	\(-> other/a-host
 .Ed
 .Pp
-The first three are what you expect. If you remove the 
+The first three are what you expect. If you remove the
 .Dq v4_domains ,
 the fourth entry will result in an error (since the host
 .Dq other
-can't be found). Even if 
-.Dq a-host 
+can't be found). Even if
+.Dq a-host
 is a valid host name, the last entry will not be converted, since the
 .Dq other
 name is not known to represent a host-type principal.
 If you turn off
 .Dq v4_instance_resolve
 the second example will result in
-.Dq ftp/b-host.foo.com 
+.Dq ftp/b-host.foo.com
 (because of the default domain). And all of this is of course only
 valid if you have working name resolving.
 .Sh SEE ALSO

lib/krb5/krb5_appdefault.3

@@ -17,14 +17,14 @@
 .Ft void
 .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
 .Sh DESCRIPTION
-These functions get application application defaults from the 
+These functions get application application defaults from the
 .Dv appdefaults
 section of the
-.Xr krb5.conf 5 
+.Xr krb5.conf 5
 configuration file. These defaults can be specified per application,
 and/or per realm.
 .Pp
-These values will be looked for in 
+These values will be looked for in
 .Xr krb5.conf 5 ,
 in order of descending importance.
 .Bd -literal -offset indent
@@ -46,7 +46,7 @@ in order of descending importance.
 is the name of the application, and
 .Fa realm
 is the realm name. If the realm is omitted it will not be used for
-resolving values. 
+resolving values.
 .Fa def_val
 is the value to return if no value is found in
 .Xr krb5.conf 5 .

lib/krb5/krb5_auth_context.3

@@ -119,9 +119,9 @@
 The
 .Nm krb5_auth_context
 structure holds all context related to an authenticated connection, in
-a similar way to 
+a similar way to
 .Nm krb5_context
-that holds the context for the thread or process.  
+that holds the context for the thread or process.
 .Nm krb5_auth_context
 is used by various functions that are directly related to
 authentication between the server/client. Example of data that this
@@ -138,18 +138,18 @@ and
 .Fn krb5_auth_con_setflags .
 The
 .Nm auth_context
-structure must be freed by 
+structure must be freed by
 .Fn krb5_auth_con_free .
 .Pp
 .Fn krb5_auth_con_getflags
 and
 .Fn krb5_auth_con_setflags
-gets and modifies the flags for a 
+gets and modifies the flags for a
 .Nm krb5_auth_context
 structure. Possible flags to set are:
 .Bl -tag -width Ds
 .It Dv KRB5_AUTH_CONTEXT_DO_TIME
-check timestamp on incoming packets. 
+check timestamp on incoming packets.
 .\".It Dv KRB5_AUTH_CONTEXT_RET_TIME
 .It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
 Generate and check sequence-number on each packet.
@@ -186,7 +186,7 @@ fetches the addresses from a file descriptor.
 .Pp
 .Fn krb5_auth_con_genaddrs
 fetches the address information from the given file descriptor
-.Fa fd 
+.Fa fd
 depending on the bitmap argument
 .Fa flags .
 .Pp
@@ -219,7 +219,7 @@ and thus no special handling is needed.
 is not a valid keyblock to
 .Fn krb5_auth_con_setkey .
 .Pp
-.Fn krb5_auth_con_setuserkey 
+.Fn krb5_auth_con_setuserkey
 is only useful when doing user to user authentication.
 .Fn krb5_auth_con_setkey
 is equivalent to
@@ -230,7 +230,7 @@ is equivalent to
 .Fn krb5_auth_con_getremotesubkey
 and
 .Fn krb5_auth_con_setremotesubkey
-gets and sets the keyblock for the local and remote subkey. The keyblock returned by 
+gets and sets the keyblock for the local and remote subkey. The keyblock returned by
 .Fn krb5_auth_con_getlocalsubkey
 and
 .Fn krb5_auth_con_getremotesubkey
@@ -259,7 +259,7 @@ gets and gets the keytype of the keyblock in
 .Pp
 .Fn krb5_auth_getauthenticator
 Retrieves the authenticator that was used during mutual
-authentication. The 
+authentication. The
 .Dv authenticator
 returned should be freed by calling
 .Fn krb5_free_authenticator .
@@ -275,7 +275,7 @@ allocates memory for and zeros the initial vector in the
 keyblock.
 .Pp
 .Fn krb5_auth_con_setivector
-sets the i_vector portion of 
+sets the i_vector portion of
 .Fa auth_context
 to
 .Fa ivector .

lib/krb5/krb5_build_principal.3

@@ -25,7 +25,7 @@
 .Sh DESCRIPTION
 These functions create a Kerberos 5 principal from a realm and a list
 of components.
-All of these functions return an allocated principal in the 
+All of these functions return an allocated principal in the
 .Fa principal
 parameter, this should be freed with
 .Fn krb5_free_principal
@@ -36,22 +36,22 @@ The
 functions take a
 .Fa realm
 and the length of the realm.  The
-.Fn krb5_build_principal 
+.Fn krb5_build_principal
 and
 .Fn krb5_build_principal_va
 also takes a list of components (zero-terminated strings), terminated
 with
 .Dv NULL .
 The
-.Fn krb5_build_principal_ext 
-and 
-.Fn krb5_build_principal_va_ext 
+.Fn krb5_build_principal_ext
+and
+.Fn krb5_build_principal_va_ext
 takes a list of length-value pairs, the list is terminated with a zero
 length.
 .Pp
-The 
+The
 .Fn krb5_make_principal
-is a wrapper around 
+is a wrapper around
 .Fn krb5_build_principal .
 If the realm is
 .Dv NULL ,

lib/krb5/krb5_config.3

@@ -20,8 +20,8 @@
 .Ft int
 .Fn krb5_config_get_time_default "krb5_context context" "krb5_config_section *c" "int def_value" "..."
 .Sh DESCRIPTION
-These functions get values from the 
-.Xr krb5.conf 5 
+These functions get values from the
+.Xr krb5.conf 5
 configuration file, or another configuration database specified by the
 .Fa c
 parameter.
@@ -39,11 +39,11 @@ option, defaulting to
 .Pp
 .Fn krb5_config_get_bool_default
 will convert the option value to a boolean value, where
-.Sq yes , 
+.Sq yes ,
 .Sq true ,
 and any non-zero number means
 .Dv TRUE ,
-and any other value 
+and any other value
 .Dv FALSE .
 .Pp
 .Fn krb5_config_get_int_default

lib/krb5/krb5_create_checksum.3

@@ -4,10 +4,10 @@
 .Dt NAME 3
 .Os HEIMDAL
 .Sh NAME
-.Nm krb5_checksum_is_collision_proof , 
-.Nm krb5_checksum_is_keyed , 
-.Nm krb5_checksumsize , 
-.Nm krb5_create_checksum , 
+.Nm krb5_checksum_is_collision_proof ,
+.Nm krb5_checksum_is_keyed ,
+.Nm krb5_checksumsize ,
+.Nm krb5_create_checksum ,
 .Nm krb5_verify_checksum
 .Nd creates and verifies checksums
 .Sh SYNOPSIS
@@ -22,15 +22,15 @@
 .Fn krb5_checksum_is_keyed "krb5_context context" "krb5_cksumtype type"
 .Sh DESCRIPTION
 These functions are used to create and verify checksums.
-.Fn krb5_create_checksum 
+.Fn krb5_create_checksum
 creates a checksum of the specified data, and puts it in
 .Fa result .
 If
 .Fa crypto
-is 
+is
 .Dv NULL ,
-.Fa usage_or_type 
-specifies the checksum type to use; it must not be keyed. Otherwise 
+.Fa usage_or_type
+specifies the checksum type to use; it must not be keyed. Otherwise
 .Fa crypto
 is an encryption context created by
 .Fn krb5_crypto_init ,
@@ -41,7 +41,7 @@ specifies a key-usage.
 .Fn krb5_verify_checksum
 verifies the
 .Fa checksum ,
-against the provided data. 
+against the provided data.
 .Pp
 .Fn krb5_checksum_is_collision_proof
 returns true is the specified checksum is collision proof (that it's
@@ -52,7 +52,7 @@ collision proof checksums are MD5, and SHA1, while CRC32 is not.
 .Fn krb5_checksum_is_keyed
 returns true if the specified checksum type is keyed (that the hash
 value is a function of both the data, and a separate key). Examples of
-keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The 
+keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The
 .Dq plain
 hash functions MD5, and SHA1 are not keyed.
 .\" .Sh EXAMPLE

lib/krb5/krb5_crypto_init.3

@@ -4,7 +4,7 @@
 .Dt NAME 3
 .Os HEIMDAL
 .Sh NAME
-.Nm krb5_crypto_init , 
+.Nm krb5_crypto_init ,
 .Nm krb5_crypto_destroy
 .Nd initialize encryption context
 .Sh SYNOPSIS

lib/krb5/krb5_encrypt.3

@@ -4,9 +4,9 @@
 .Dt KRB5_ENCRYPT 3
 .Os HEIMDAL
 .Sh NAME
-.Nm krb5_decrypt , 
-.Nm krb5_decrypt_EncryptedData , 
-.Nm krb5_encrypt , 
+.Nm krb5_decrypt ,
+.Nm krb5_decrypt_EncryptedData ,
+.Nm krb5_encrypt ,
 .Nm krb5_encrypt_EncryptedData
 .Nd encrypt and decrypt data
 .Sh SYNOPSIS
@@ -23,23 +23,23 @@
 These functions are used to encrypt and decrypt data.
 .Pp
 .Fn krb5_encrypt
-puts the encrypted version of 
+puts the encrypted version of
 .Fa data
 (of size
 .Fa len )
 in
 .Fa result .
-If the encryption type supports using derived keys, 
+If the encryption type supports using derived keys,
 .Fa usage
 should be the appropriate key-usage.
 .Fn krb5_encrypt_EncryptedData
 does the same as
 .Fn krb5_encrypt ,
 but it puts the encrypted data in a
-.Fa EncryptedData 
-structure instead. If 
-.Fa kvno 
-is not zero, it will be put in the 
+.Fa EncryptedData
+structure instead. If
+.Fa kvno
+is not zero, it will be put in the
 .Fa kvno field in the
 .Fa EncryptedData .
 .Pp

lib/krb5/krb5_free_addresses.3

@@ -11,10 +11,10 @@
 .Ft void
 .Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
 .Sh DESCRIPTION
-The 
+The
 .Fn krb5_free_addresses
 will free a list of addresses that has been created with
 .Fn krb5_get_all_client_addrs
-or with some other function. 
+or with some other function.
 .Sh SEE ALSO
 .Xr krb5_get_all_client_addrs 3

lib/krb5/krb5_free_principal.3

@@ -11,12 +11,12 @@
 .Ft void
 .Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
 .Sh DESCRIPTION
-The 
+The
 .Fn krb5_free_principal
 will free a principal that has been created with
 .Fn krb5_build_principal ,
 .Fn krb5_parse_name ,
-or with some other function. 
+or with some other function.
 .Sh SEE ALSO
 .Xr krb5_425_conv_principal 3 ,
 .Xr krb5_build_principal 3 ,

lib/krb5/krb5_get_all_client_addrs.3

@@ -8,11 +8,11 @@
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft "krb5_error_code"
-.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs" 
+.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
 .Ft "krb5_error_code"
-.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs" 
+.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs"
 .Sh DESCRIPTION
-These functions return in 
+These functions return in
 .Fa addrs
 a list of addresses associated with the local
 host.
@@ -24,15 +24,15 @@ to create sockets to listen to.
 The client version will also scan local interfaces (can be turned off
 by setting
 .Li libdefaults/scan_interfaces
-to false in 
-.Pa krb5.conf ) , 
+to false in
+.Pa krb5.conf ) ,
 but will not include loop-back addresses, unless there are no other
 addresses found. It will remove all addresses included in
 .Li libdefaults/ignore_addresses
 but will unconditionally include addresses in
 .Li libdefaults/extra_addresses .
 .Pp
-The returned addresses should be freed by calling 
+The returned addresses should be freed by calling
 .Fn krb5_free_addresses .
 .\".Sh EXAMPLE
 .Sh SEE ALSO

lib/krb5/krb5_get_krbhst.3

@@ -26,21 +26,21 @@
 .Sh DESCRIPTION
 These functions implement the old API to get a list of Kerberos hosts,
 and are thus similar to the
-.Fn krb5_krbhst_init 
-functions. However, since these functions returns 
+.Fn krb5_krbhst_init
+functions. However, since these functions returns
 .Em all
 hosts in one go, they potentially have to do more lookups than
 necessary. These functions remain for compatibility reasons.
 .Pp
 After a call to one of these functions,
-.Fa hostlist 
+.Fa hostlist
 is a
 .Dv NULL
 terminated list of strings, pointing to the requested Kerberos hosts. These should be freed with
-.Fn krb5_free_krbhst 
+.Fn krb5_free_krbhst
 when done with.
 .Sh EXAMPLE
-The following code will print the KDCs of the realm 
+The following code will print the KDCs of the realm
 .Dq MY.REALM .
 .Bd -literal -offset indent
 char **hosts, **p;

lib/krb5/krb5_keytab.3

@@ -142,7 +142,7 @@ the default keytab is used. The current default type is
 .Nm file .
 The default value can be changed in the configuration file
 .Pa /etc/krb5.conf
-by setting the variable 
+by setting the variable
 .Li [defaults]default_keytab_name .
 .Pp
 The keytab types that are implemented in Heimdal
@@ -154,7 +154,7 @@ store the keytab in a file, the type's name is
 The residual part is a filename.
 .It Nm keyfile
 store the keytab in a
-.Li AFS 
+.Li AFS
 keyfile (usually
 .Pa /usr/afs/etc/KeyFile ) ,
 the type's name is
@@ -182,7 +182,7 @@ key-type, key, key-version number, etc.
 .Nm krb5_kt_cursor
 holds the current position that is used when iterating through a
 keytab entry with
-.Fn krb5_kt_start_seq_get , 
+.Fn krb5_kt_start_seq_get ,
 .Fn krb5_kt_next_entry ,
 and
 .Fn krb5_kt_end_seq_get .
@@ -195,19 +195,19 @@ implementation.
 .Fn krb5_kt_resolve
 is the equvalent of an
 .Xr open 2
-on keytab. Resolve the keytab name in 
+on keytab. Resolve the keytab name in
 .Fa name
-into a keytab in 
+into a keytab in
 .Fa id .
 Returns 0 or an error. The opposite of
-.Fn krb5_kt_resolve 
-is 
+.Fn krb5_kt_resolve
+is
 .Fn krb5_kt_close .
 .Fn krb5_kt_close
 frees all resources allocated to the keytab.
 .Pp
 .Fn krb5_kt_default
-sets the argument 
+sets the argument
 .Fa id
 to the default keytab.
 Returns 0 or an error.
@@ -215,27 +215,27 @@ Returns 0 or an error.
 .Fn krb5_kt_default_name
 copy the name of the default keytab into
 .Fa name .
-Return 0 or KRB5_CONFIG_NOTENUFSPACE if 
+Return 0 or KRB5_CONFIG_NOTENUFSPACE if
 .Fa namesize
 is too short.
 .Pp
 .Fn krb5_kt_add_entry
 Add a new
 .Fa entry
-to the keytab 
+to the keytab
 .Fa id .
 .Li KRB5_KT_NOWRITE
 is returned if the keytab is a readonly keytab.
 .Pp
 .Fn krb5_kt_compare
-compares the passed in 
+compares the passed in
 .Fa entry
 against
 .Fa principal ,
 .Fa vno ,
 and
 .Fa enctype .
-Any of 
+Any of
 .Fa principal ,
 .Fa vno
 or
@@ -244,52 +244,52 @@ might be 0 which acts as a wildcard. Return TRUE if they compare the
 same, FALSE otherwise.
 .Pp
 .Fn krb5_kt_copy_entry_contents
-copies the contents of 
+copies the contents of
 .Fa in
-into 
+into
 .Fa out .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_get_name
-retrieves the name of the keytab 
+retrieves the name of the keytab
 .Fa keytab
-into 
+into
 .Fa name ,
 .Fa namesize .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_free_entry
-frees the contents of 
+frees the contents of
 .Fa entry .
 .Pp
 .Fn krb5_kt_start_seq_get
 sets
 .Fa cursor
-to point at the beginning of 
+to point at the beginning of
 .Fa id .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_next_entry
-gets the next entry from 
+gets the next entry from
 .Fa id
-pointed to by 
+pointed to by
 .Fa cursor
 and advance the
 .Fa cursor .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_end_seq_get
-releases all resources associated with 
+releases all resources associated with
 .Fa cursor .
 .Pp
 .Fn krb5_kt_get_entry
-retrieves the keytab entry for 
+retrieves the keytab entry for
 .Fa principal ,
-.Fa kvno, 
+.Fa kvno,
 .Fa enctype
-into 
+into
 .Fa entry
-from the keytab 
+from the keytab
 .Fa id .
 Returns 0 or an error.
 .Pp
@@ -298,16 +298,16 @@ reads the key identified by
 .Ns ( Fa principal ,
 .Fa vno ,
 .Fa enctype )
-from the keytab in 
+from the keytab in
 .Fa keyprocarg
-(the default if == NULL) into 
+(the default if == NULL) into
 .Fa *key .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_remove_entry
-removes the entry 
+removes the entry
 .Fa entry
-from the keytab 
+from the keytab
 .Fa id .
 Returns 0 or an error.
 .Pp
@@ -332,14 +332,14 @@ main (int argc, char **argv)
 
     if (krb5_init_context (&context) != 0)
 	errx(1, "krb5_context");
-    
+
     ret = krb5_kt_default (context, &keytab);
     if (ret)
 	krb5_err(context, 1, ret, "krb5_kt_default");
 
     ret = krb5_kt_start_seq_get(context, keytab, &cursor);
     if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");	
+	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
     while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
 	krb5_unparse_name_short(context, entry.principal, &principal);
 	printf("principal: %s\\n", principal);
@@ -348,7 +348,7 @@ main (int argc, char **argv)
     }
     ret = krb5_kt_end_seq_get(context, keytab, &cursor);
     if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");	
+	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
     krb5_free_context(context);
     return 0;
 }

lib/krb5/krb5_krbhst_init.3

@@ -36,10 +36,10 @@ administrative servers, the password changing servers, or the servers
 for Kerberos 4 ticket conversion.
 .Pp
 First a handle to a particular service is obtained by calling
-.Fn krb5_krbhst_init 
-with the 
+.Fn krb5_krbhst_init
+with the
 .Fa realm
-of interest and the type of service to lookup. The 
+of interest and the type of service to lookup. The
 .Fa type
 can be one of:
 .Pp
@@ -55,7 +55,7 @@ The
 is returned to the caller, and should be passed to the other
 functions.
 .Pp
-For each call to 
+For each call to
 .Fn krb5_krbhst_next
 information a new host is returned. The former function returns in
 .Fa host
@@ -73,7 +73,7 @@ typedef struct krb5_krbhst_info {
 } krb5_krbhst_info;
 .Ed
 .Pp
-The related function, 
+The related function,
 .Fn krb5_krbhst_next_as_string ,
 return the same information as a url-like string.
 .Pp
@@ -82,11 +82,11 @@ When there are no more hosts, these functions return
 .Pp
 To re-iterate over all hosts, call
 .Fn krb5_krbhst_reset
-and the next call to 
+and the next call to
 .Fn krb5_krbhst_next
 will return the first host.
 .Pp
-When done with the handle, 
+When done with the handle,
 .Fn krb5_krbhst_free
 should be called.
 .Pp
@@ -101,13 +101,13 @@ that will return a
 .Va struct addrinfo
 that can then be used for communicating with the server mentioned.
 .Sh EXAMPLE
-The following code will print the KDCs of the realm 
+The following code will print the KDCs of the realm
 .Dq MY.REALM .
 .Bd -literal -offset indent
 krb5_krbhst_handle handle;
 char host[MAXHOSTNAMELEN];
 krb5_krbhst_init(context, "MY.REALM", KRB5_KRBHST_KDC, &handle);
-while(krb5_krbhst_next_as_string(context, handle, 
+while(krb5_krbhst_next_as_string(context, handle,
 				 host, sizeof(host)) == 0)
     printf("%s\\n", host);
 krb5_krbhst_free(context, handle);

lib/krb5/krb5_openlog.3

@@ -12,14 +12,14 @@
 .Nm krb5_log ,
 .Nm krb5_vlog ,
 .Nm krb5_log_msg ,
-.Nm krb5_vlog_msg 
+.Nm krb5_vlog_msg
 .Nd Heimdal logging functions
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft "typedef void"
-.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data" 
+.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
 .Ft "typedef void"
-.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data" 
+.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data"
 .Ft krb5_error_code
 .Fn krb5_addlog_dest "krb5_context context" "krb5_log_facility *facility" "const char *destination"
 .Ft krb5_error_code
@@ -43,7 +43,7 @@ These functions logs messages to one or more destinations.
 .Pp
 The
 .Fn krb5_openlog
-function creates a logging 
+function creates a logging
 .Fa facility ,
 that is used to log messages. A facility consists of one or more
 destinations (which can be files or syslog or some other device). The
@@ -59,7 +59,7 @@ configuration file.  If no entry is found for
 the entry for
 .Li default
 is used, or if that is missing too,
-.Li SYSLOG 
+.Li SYSLOG
 will be used as destination.
 .Pp
 To close a logging facility, use the
@@ -72,7 +72,7 @@ To log a message to a facility use one of the functions
 .Fn krb5_vlog ,
 or
 .Fn krb5_vlog_msg .
-The functions ending in 
+The functions ending in
 .Li _msg
 return in
 .Fa reply
@@ -81,45 +81,45 @@ and should be freed with
 .Fn free .
 The
 .Fa format
-is a standard 
+is a standard
 .Fn printf
 style format string (but see the BUGS section).
 .Pp
-If you want better control of where things gets logged, you can instead of using 
+If you want better control of where things gets logged, you can instead of using
 .Fn krb5_openlog
-call 
+call
 .Fn krb5_initlog ,
 which just initializes a facility, but doesn't define any actual logging
 destinations. You can then add destinations with the
 .Fn krb5_addlog_dest
 and
-.Fn krb5_addlog_func 
+.Fn krb5_addlog_func
 functions.  The first of these takes a string specifying a logging
 destination, and adds this to the facility. If you want to do some
 non-standard logging you can use the
 .Fn krb5_addlog_func
 function, which takes a function to use when logging.
-The 
+The
 .Fa log
 function is called for each message with
 .Fa time
 being a string specifying the current time, and
 .Fa message
-the message to log. 
+the message to log.
 .Fa close
-is called when the facility is closed. You can pass application specific data in the 
-.Fa data 
+is called when the facility is closed. You can pass application specific data in the
+.Fa data
 parameter. The
 .Fa min
-and 
+and
 .Fa max
 parameter are the same as in a destination (defined below). To specify a
 max of infinity, pass -1.
 .Pp
 .Fn krb5_openlog
-calls 
+calls
 .Fn krb5_initlog
-and then calls 
+and then calls
 .Fn krb5_addlog_dest
 for each destination found.
 .Ss Destinations
@@ -148,9 +148,9 @@ get the name for one of these, you take the name of the macro passed
 to
 .Xr syslog 3 ,
 and remove the leading
-.Li LOG_ 
+.Li LOG_
 .No ( Li LOG_NOTICE
-becomes 
+becomes
 .Li NOTICE ) .
 The default values (as well as the values used for unrecognised
 values), are
@@ -182,8 +182,8 @@ specified value. If no range is specified, all messages gets logged.
 	default = STDERR
 .Ed
 .Pp
-This will log all messages from the 
-.Nm kdc 
+This will log all messages from the
+.Nm kdc
 program with level 0 to
 .Pa /var/log/kdc.log ,
 other messages will be logged to syslog with priority

lib/krb5/krb5_parse_name.3

@@ -15,12 +15,12 @@
 converts a string representation of a princpal name to
 .Nm krb5_principal .
 The
-.Fa principal 
+.Fa principal
 will point to allocated data that should be freed with
 .Fn krb5_free_principal .
 .Pp
 The string should consist of one or more name components separated with slashes
-.Pq Dq / , 
+.Pq Dq / ,
 optionally followed with an
 .Dq @
 and a realm name. A slash or @ may be contained in a name component by

lib/krb5/krb5_principal_get_realm.3

@@ -20,24 +20,24 @@ either the realm or a specific component. The returned string points
 to data inside the principal, so they are valid only as long as the
 principal exists.
 .Pp
-The 
+The
 .Fa component
 argument to
 .Fn krb5_principal_get_comp_string
 is the component number to return, from zero to the total number of
-components minus one. If a the requested component number is out of range, 
+components minus one. If a the requested component number is out of range,
 .Dv NULL
 is returned.
 .Pp
-These functions can be seen as a replacement for the 
+These functions can be seen as a replacement for the
 .Fn krb5_princ_realm ,
 .Fn krb5_princ_component
 and related macros, described as intermal in the MIT API
 specification. A difference is that these functions return strings,
 not
 .Dv krb5_data .
-A reason to return 
-.Dv krb5_data 
+A reason to return
+.Dv krb5_data
 was that it was believed that principal components could contain
 binary data, but this belief was unfounded, and it has been decided
 that principal components are infact UTF8, so it's safe to use zero

lib/krb5/krb5_sname_to_principal.3

@@ -14,30 +14,30 @@
 .Ft krb5_error_code
 .Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
 .Sh DESCRIPTION
-These functions create a 
+These functions create a
 .Dq service
 principal that can, for instance, be used to lookup a key in a keytab. For both these function the
-.Fa sname 
-parameter will be used for the first component of the created principal. If 
+.Fa sname
+parameter will be used for the first component of the created principal. If
 .Fa sname
 is
 .Dv NULL ,
 .Dq host
 will be used instead.
-.Fn krb5_sname_to_principal 
-will use the passed 
+.Fn krb5_sname_to_principal
+will use the passed
 .Fa hostname
-for the second component. If type 
+for the second component. If type
 .Dv KRB5_NT_SRV_HST
 this name will be looked up with
 .Fn gethostbyname .
-If 
+If
 .Fa hostname is
 .Dv NULL ,
 the local hostname will be used.
 .Pp
-.Fn krb5_sock_to_principal 
-will use the 
+.Fn krb5_sock_to_principal
+will use the
 .Dq sockname
 of the passed
 .Fa socket ,

lib/krb5/krb5_timeofday.3

@@ -8,9 +8,9 @@
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft "krb5_error_code"
-.Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret" 
+.Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret"
 .Ft "krb5_error_code"
-.Fn krb5_us_timeofday "krb5_context context" "int32_t *sec" "int32_t *usec" 
+.Fn krb5_us_timeofday "krb5_context context" "int32_t *sec" "int32_t *usec"
 .Sh DESCRIPTION
 .Fn krb5_timeofday
 returns the current time, but adjusted with the time difference

lib/krb5/krb5_unparse_name.3

@@ -18,7 +18,7 @@ This function takes a
 .Fa principal ,
 and will convert in to a printable representation with the same syntax as decribed in
 .Xr krb5_parse_name 3 .
-.Fa *name 
+.Fa *name
 will point to allocated data and should be freed by the caller.
 .Sh SEE ALSO
 .Xr krb5_425_conv_principal 3 ,

lib/krb5/krb5_verify_user.3

@@ -16,7 +16,7 @@
 .Sh DESCRIPTION
 The
 .Nm krb5_verify_user
-function verifies the password supplied by a user. 
+function verifies the password supplied by a user.
 The principal whose
 password will be verified is specified in
 .Fa principal .
@@ -43,7 +43,7 @@ The
 function does the same, except that it ignores the realm in
 .Fa principal
 and tries all the local realms (see
-.Xr krb5.conf 5 ) . 
+.Xr krb5.conf 5 ) .
 After a successful return, the principal is set to the authenticated
 realm. If the call fails, the principal will not be meaningful, and
 should only be freed with
@@ -78,7 +78,7 @@ main(int argc, char **argv)
     error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
     if (error)
         krb5_err(context, 1, error, "krb5_verify_user");
-	
+
     return 0;
 }
 .Ed

lib/krb5/krb5_warn.3

@@ -40,7 +40,7 @@ These functions prints a warning message to some destination.
 is a printf style format specifying the message to print. The forms not ending in an
 .Dq x
 prints the error string associated with
-.Fa code 
+.Fa code
 along with the message.
 The
 .Dq err
@@ -50,7 +50,7 @@ after printing the message.
 .Pp
 The
 .Fn krb5_set_warn_func
-function sets the destination for warning messages to the specified 
+function sets the destination for warning messages to the specified
 .Fa facility .
 Messages logged with the
 .Dq warn

lib/krb5/verify_krb5_conf.8

@@ -17,11 +17,11 @@ or the file given on the command line,
 and parses it, thereby verifying that the syntax is not correctly wrong.
 .Pp
 If the file is syntactically correct,
-.Nm 
+.Nm
 tries to verify that the contents of the file is of relevant nature.
 .Sh DIAGNOSTICS
-Possible output from 
-.Nm 
+Possible output from
+.Nm
 include:
 .Bl -tag -width "<path>"
 .It "<path>: failed to parse <something> as size/time/number/boolean"
@@ -36,7 +36,7 @@ recognised as one.
 .It <path>: unknown or wrong type
 Means that <path> is either is a string when it should be a list, vice
 versa, or just that
-.Nm 
+.Nm
 is confused.
 .It <path>: unknown entry
 Means that <string> is not known by