more, mostly whitespace, fixes from Thomas Klasusner

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11176 ec53bebd-3082-4978-b11e-865c3cabbd6b

admin/ktutil.8

@@ -9,13 +9,13 @@
 .Sh SYNOPSIS
 .Nm
 .Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab 
+.Fl -keytab= Ns Ar keytab
 .Xc
 .Oc
 .Op Fl v | Fl -verbose
 .Op Fl -version
 .Op Fl h | Fl -help
-.Ar command 
+.Ar command
 .Op Ar args
 .Sh DESCRIPTION
 .Nm
@@ -110,14 +110,14 @@ removes keys of any type.
 .Xc
 Renames all entries in the keytab that match the
 .Ar from-principal
-to 
+to
 .Ar to-principal .
 .It purge Xo
 .Op Fl -age= Ns Ar age
 .Xc
 Removes all old entries (for which there is a newer version) that are
 older than
-.Ar age 
+.Ar age
 (default one week).
 .It srvconvert
 .It srv2keytab Xo
@@ -127,12 +127,12 @@ older than
 Converts the version 4 srvtab in
 .Ar srvtab
 to a version 5 keytab and stores it in
-.Ar keytab . 
+.Ar keytab .
 Identical to:
 .Bd -ragged -offset indent
-.Li ktutil copy 
+.Li ktutil copy
 .Li krb4: Ns Ar srvtab
-.Ar keytab 
+.Ar keytab
 .Ed
 .It srvcreate
 .It key2srvtab Xo
@@ -145,8 +145,8 @@ to a version 4 srvtab and stores it in
 .Ar srvtab .
 Identical to:
 .Bd -ragged -offset indent
-.Li ktutil copy 
+.Li ktutil copy
-.Ar keytab 
+.Ar keytab
 .Li krb4: Ns Ar srvtab
 .Ed
 .El

appl/ftp/ftp/ftp.1

@@ -923,10 +923,10 @@ A synonym for help.
 The following command can be used with ftpsec-aware servers.
 .Bl -tag -width Fl
 .It Xo
-.Ic prot 
+.Ic prot
-.Ar clear | 
+.Ar clear |
-.Ar safe | 
+.Ar safe |
-.Ar confidential | 
+.Ar confidential |
 .Ar private
 .Xc
 Set the data protection level to the requested level.

appl/ftp/ftpd/ftpd.8

@@ -44,7 +44,7 @@
 .Op Fl a Ar authmode
 .Op Fl dilvU
 .Op Fl g Ar umask
-.Op Fl p Ar port 
+.Op Fl p Ar port
 .Op Fl T Ar maxtimeout
 .Op Fl t Ar timeout
 .Op Fl u Ar default umask
@@ -89,7 +89,7 @@ The following combination modes exists for backwards compatibility:
 Same as
 .Ar plain,ftp .
 .It Ar safe
-Same as 
+Same as
 .Ar ftp .
 .It Ar user
 Ignored.
@@ -103,7 +103,7 @@ Anonymous users will get a umask of
 Open a socket and wait for a connection. This is mainly used for
 debugging when ftpd isn't started by inetd.
 .It Fl l
-Each successful and failed 
+Each successful and failed
 .Xr ftp 1
 session is logged using syslog with a facility of LOG_FTP.
 If this option is specified twice, the retrieve (get), store (put), append,
@@ -112,7 +112,7 @@ their filename arguments are also logged.
 .It Fl p
 Use
 .Ar port
-(a service name or number) instead of the default 
+(a service name or number) instead of the default
 .Ar ftp/tcp .
 .It Fl T
 A client may also request a different timeout period;
@@ -131,11 +131,11 @@ Set the initial umask to something else than the default 027.
 .It Fl U
 In previous versions of
 .Nm ftpd ,
-when a passive mode client requested a data connection to the server, the 
+when a passive mode client requested a data connection to the server, the
-server would use data ports in the range 1024..4999.  Now, by default, 
+server would use data ports in the range 1024..4999.  Now, by default,
 if the system supports the IP_PORTRANGE socket option, the server will
 use data ports in the range 49152..65535.  Specifying this option will
-revert to the old behavior.  
+revert to the old behavior.
 .It Fl v
 Verbose mode.
 .It Xo
@@ -159,7 +159,7 @@ If the file
 .Pa /etc/ftpwelcome
 exists,
 .Nm
-prints it before issuing the 
+prints it before issuing the
 .Dq ready
 message.
 If the file
@@ -231,13 +231,13 @@ by the
 SITE request.
 .Pp
 .Bl -column Request -offset indent
-.It UMASK Ta change umask, (e.g. 
+.It UMASK Ta change umask, (e.g.
 .Ic "SITE UMASK 002" )
-.It IDLE Ta set idle-timer, (e.g. 
+.It IDLE Ta set idle-timer, (e.g.
 .Ic "SITE IDLE 60" )
-.It CHMOD Ta change mode of a file (e.g. 
+.It CHMOD Ta change mode of a file (e.g.
 .Ic "SITE CHMOD 755 filename" )
-.It FIND Ta quickly find a specific file with GNU 
+.It FIND Ta quickly find a specific file with GNU
 .Xr locate 1 .
 .It HELP Ta give help information.
 .El
@@ -273,7 +273,7 @@ This allows users to utilize the metacharacters
 .Dq Li \&*?[]{}~ .
 .Pp
 .Nm Ftpd
-authenticates users according to these rules. 
+authenticates users according to these rules.
 .Pp
 .Bl -enum -offset indent
 .It
@@ -295,7 +295,7 @@ for more information on OTP authentication.
 The login name must not appear in the file
 .Pa /etc/ftpusers .
 .It
-The user must have a standard shell returned by 
+The user must have a standard shell returned by
 .Xr getusershell 3 .
 .It
 If the user name appears in the file
@@ -307,7 +307,7 @@ as for an
 or
 .Dq ftp
 account (see next item).  However, the user must still supply a password.
-This feature is intended as a compromise between a fully anonymous account 
+This feature is intended as a compromise between a fully anonymous account
 and a fully privileged account.  The account should also be set up as for an
 anonymous account.
 .It
@@ -324,10 +324,10 @@ to log in by specifying any password (by convention an email address for
 the user should be used as the password).
 .El
 .Pp
-In the last case, 
+In the last case,
 .Nm ftpd
 takes special measures to restrict the client's access privileges.
-The server performs a 
+The server performs a
 .Xr chroot 2
 to the home directory of the
 .Dq ftp
@@ -348,14 +348,14 @@ file). No files should be owned or writable by
 as specified below).
 .Bl -tag -width "~ftp/pub" -offset indent
 .It Pa ~ftp
-The 
+The
 .Dq ftp
 homedirectory should be owned by root.
 .It Pa ~ftp/bin
-The directory for external programs (such as 
+The directory for external programs (such as
 .Xr ls 1 ) .
 These programs must either be statically linked, or you must setup an
-environment for dynamic linking when running chrooted.  
+environment for dynamic linking when running chrooted.
 These programs will be used if present:
 .Bl -tag -width "locate" -offset indent
 .It ls
@@ -376,30 +376,30 @@ Enables retrieval of whole directories as files ending in
 .Pa .tar .
 Can also be combined with compression. You must use GNU Tar (or some
 other that supports the
-.Fl z 
+.Fl z
 and
 .Fl Z
 flags).
 .It locate
-Will enable ``fast find'' with the 
+Will enable ``fast find'' with the
 .Ic SITE FIND
-command. You must also create a 
+command. You must also create a
 .Pa locatedb
-file in 
+file in
 .Pa ~ftp/etc .
 .El
 .It Pa ~ftp/etc
 If you put copies of the
 .Xr passwd 5
-and 
+and
 .Xr group 5
 files here, ls will be able to produce owner names rather than
-numbers. Remember to remove any passwords from these files.  
+numbers. Remember to remove any passwords from these files.
 .Pp
 The file
 .Pa motd ,
 if present, will be printed after a successful login.
-.It Pa ~ftp/dev 
+.It Pa ~ftp/dev
 Put a copy of
 .Xr /dev/null 7
 here.
@@ -409,12 +409,12 @@ Traditional place to put whatever you want to make public.
 .Pp
 If you want guests to be able to upload files, create a
 .Pa ~ftp/incoming
-directory owned by 
+directory owned by
 .Dq root ,
 and group
 .Dq ftp
-with mode 730 (make sure 
+with mode 730 (make sure
-.Dq ftp 
+.Dq ftp
 is member of group
 .Dq ftp ) .
 The following restrictions apply to anonymous users:
@@ -427,25 +427,25 @@ with the
 .Fl g
 option.
 .It
-These command are not accessible: 
+These command are not accessible:
-.Ic DELE , RMD , RNTO , RNFR , 
+.Ic DELE , RMD , RNTO , RNFR ,
 .Ic SITE UMASK ,
 and
 .Ic SITE CHMOD .
 .It
 Filenames must start with an alpha-numeric character, and consist of
-alpha-numeric characters or any of the following: 
+alpha-numeric characters or any of the following:
-.Li \&+  
+.Li \&+
 (plus),
-.Li \&-  
+.Li \&-
 (minus),
-.Li \&=  
+.Li \&=
 (equal),
-.Li \&_  
+.Li \&_
 (underscore),
-.Li \&.  
+.Li \&.
 (period), and
-.Li \&,  
+.Li \&,
 (comma).
 .El
 .Sh FILES

appl/ftp/ftpd/ftpusers.5

@@ -10,7 +10,7 @@
 .Pa /etc/ftpusers
 contains a list of users that should be allowed or denied FTP
 access. Each line contains a user, optionally followed by
-.Dq allow 
+.Dq allow
 (anything but
 .Dq allow
 is ignored).  The semi-user

appl/kx/rxtelnet.1

@@ -76,7 +76,7 @@ to host
 you might do the following.
 .Bl -enum
 .It
-On foo: 
+On foo:
 .Nm
 .Va bar
 .It

appl/kx/rxterm.1

@@ -72,7 +72,7 @@ to host
 you might do the following.
 .Bl -enum
 .It
-On foo: 
+On foo:
 .Nm
 .Va bar
 .It

appl/kx/tenletxr.1

@@ -40,7 +40,7 @@ to host
 you might do the following.
 .Bl -enum
 .It
-On foo: 
+On foo:
 .Nm
 .Va bar
 .It

appl/push/push.8

@@ -42,7 +42,7 @@ can have any of the following formats:
 .Pp
 If no username is specified,
 .Nm
-assumes that it's the same as on the local machine; 
+assumes that it's the same as on the local machine;
 .Ar hostname
 defaults to the value of the
 .Ev MAILHOST
@@ -88,7 +88,7 @@ a list of comma-separated headers that should get printed.
 .Fl -port Ns = Ns Ar port-spec
 .Xc
 use this port instead of the default
-.Ql kpop 
+.Ql kpop
 or
 .Ql 1109 .
 .El
@@ -117,8 +117,8 @@ and stores the mail in
 $ push --from -5 havregryn
 .Ed
 .Pp
-tries to fetch 
+tries to fetch
-.Sy From: 
+.Sy From:
 lines for current user at post office
 .Dq havregryn
 using Kerberos 5.

appl/rsh/rsh.1

@@ -10,17 +10,17 @@ remote shell
 .Sh SYNOPSIS
 .Nm
 .Op Fl 45FGKdefnuxz
-.Op Fl U Pa string 
+.Op Fl U Pa string
 .Op Fl p Ar port
 .Op Fl l Ar username
 .Ar host [command]
 .Sh DESCRIPTION
 .Nm
-authenticates to the 
+authenticates to the
-.Xr rshd 8 
+.Xr rshd 8
 daemon on the remote
 .Ar host ,
-and then executes the specified 
+and then executes the specified
 .Ar command .
 .Pp
 .Nm
@@ -33,8 +33,8 @@ Valid options are:
 .Fl 4 ,
 .Fl -krb4
 .Xc
-The 
+The
-.Fl 4 
+.Fl 4
 option requests Kerberos 4 authentication. Normally all supported
 authentication mechanisms will be tried, but in some cases more
 explicit control is desired.
@@ -42,16 +42,16 @@ explicit control is desired.
 .Fl 5 ,
 .Fl -krb5
 .Xc
-The 
+The
 .Fl 5
-option requests Kerberos 5 authentication. This is analogous to the 
+option requests Kerberos 5 authentication. This is analogous to the
 .Fl 4
 option.
 .It Xo
 .Fl K ,
 .Fl -broken
 .Xc
-The 
+The
 .Fl K
 option turns off all Kerberos authentication. The long name implies
 that this is more or less totally unsecure. The security in this mode
@@ -60,9 +60,9 @@ relies on reserved ports, which is not very secure.
 .Fl n ,
 .Fl -no-input
 .Xc
-The 
+The
 .Fl n
-option directs the input from the 
+option directs the input from the
 .Pa /dev/null
 device (see the
 .Sx BUGS
@@ -89,7 +89,7 @@ section for limitations).
 The opposite of
 .Fl x .
 This is the default, but encryption can be enabled when using
-Kerberos 5, by setting the 
+Kerberos 5, by setting the
 .Li libdefaults/encrypt
 option in
 .Xr krb5.conf 5 .
@@ -97,22 +97,22 @@ option in
 .Fl f ,
 .Fl -forward
 .Xc
-Forward Kerberos 5 credentials to the remote host. Also controlled by 
+Forward Kerberos 5 credentials to the remote host. Also controlled by
 .Li libdefaults/forward
-in 
+in
 .Xr krb5.conf 5 .
 .It Xo
 .Fl G
 .Xc
-The opposite of 
+The opposite of
 .Fl f .
 .It Xo
 .Fl F ,
 .Fl -forwardable
 .Xc
-Make the forwarded credentials re-forwardable. Also controlled by 
+Make the forwarded credentials re-forwardable. Also controlled by
 .Li libdefaults/forwardable
-in 
+in
 .Xr krb5.conf 5 .
 .It Xo
 .Fl u ,
@@ -147,8 +147,8 @@ option or the
 format allow the remote name to be specified.
 .El
 .\".Pp
-.\"Without a 
+.\"Without a
-.\".Ar command 
+.\".Ar command
 .\".Nm
 .\"will just exec
 .\".Xr rlogin 1
@@ -200,13 +200,13 @@ was written as part of the Heimdal Kerberos 5 implementation.
 .Sh BUGS
 Some shells (notably
 .Xr csh 1 )
-will cause 
+will cause
-.Nm 
+.Nm
-to block if run in the background, unless the standard input is directed away from the terminal. This is what the 
+to block if run in the background, unless the standard input is directed away from the terminal. This is what the
 .Fl n
 option is for.
 .Pp
-The 
+The
 .Fl x
 options enables encryption for the session, but for both Kerberos 4
 and 5 the actual command is sent unencrypted, so you should not send

appl/rsh/rshd.8

@@ -35,8 +35,8 @@ doesn't send any data.
 Assume that clients connecting to this server will use some form of
 Kerberos authentication. See the
 .Sx EXAMPLES
-section for a sample 
+section for a sample
-.Xr inetd.conf 5 
+.Xr inetd.conf 5
 configuration.
 .It Xo
 .Fl x ,
@@ -74,18 +74,18 @@ peculiar environments, such as some batch systems.
 .Fl i ,
 .Fl -no-inetd
 .Xc
-The 
+The
-.Fl i 
+.Fl i
 option will cause
-.Nm 
+.Nm
-to create a socket, instead of assuming that its stdin came from 
+to create a socket, instead of assuming that its stdin came from
 .Xr inetd 8 .
 This is mostly useful for debugging.
 .It Xo
 .Fl p Ar port ,
 .Fl -port= Ns Ar port
 .Xc
-Port to use with 
+Port to use with
 .Fl i .
 .It Xo
 .Fl a
@@ -95,7 +95,7 @@ This flag is for backwards compatibility only.
 .Fl L
 .Xc
 This flag enables logging of connections to
-.Xr syslogd 8 . 
+.Xr syslogd 8 .
 This option is always on in this implementation.
 .El
 .\".Sh ENVIRONMENT
@@ -106,7 +106,7 @@ This option is always on in this implementation.
 .El
 .Sh EXAMPLES
 The following can be used to enable Kerberised rsh in
-.Xr inetd.cond 5 , 
+.Xr inetd.cond 5 ,
 while disabling non-Kerberised connections:
 .Bd -literal
 shell   stream  tcp  nowait  root  /usr/libexec/rshd  rshd -v

appl/telnet/telnet/telnet.1

@@ -36,7 +36,7 @@
 .Os BSD 4.2
 .Sh NAME
 .Nm telnet
-.Nd user interface to the 
+.Nd user interface to the
 .Tn TELNET
 protocol
 .Sh SYNOPSIS
@@ -56,7 +56,7 @@ protocol
 The
 .Nm telnet
 command
-is used to communicate with another host using the 
+is used to communicate with another host using the
 .Tn TELNET
 protocol.
 If
@@ -102,7 +102,7 @@ connection to the value
 which can be a numeric TOS value
 or, on systems that support it, a symbolic
 TOS name found in the /etc/iptos file.
-.It Fl X Ar atype 
+.It Fl X Ar atype
 Disables the
 .Ar atype
 type of authentication.
@@ -129,7 +129,7 @@ Sets the initial value of the
 .Ic debug
 toggle to
 .Dv TRUE
-.It Fl e Ar escape char 
+.It Fl e Ar escape char
 Sets the initial
 .Nm
 .Nm telnet
@@ -150,7 +150,7 @@ option requests that telnet obtain tickets for the remote host in
 realm realm instead of the remote host's realm, as determined
 by
 .Xr krb_realmofhost 3 .
-.It Fl l Ar user 
+.It Fl l Ar user
 When connecting to the remote system, if the remote system
 understands the
 .Ev ENVIRON
@@ -163,7 +163,7 @@ option.
 This option may also be used with the
 .Ic open
 command.
-.It Fl n Ar tracefile 
+.It Fl n Ar tracefile
 Opens
 .Ar tracefile
 for recording trace information.
@@ -208,7 +208,7 @@ either \*(Lqcharacter at a time\*(Rq
 or \*(Lqold line by line\*(Rq
 depending on what the remote system supports.
 .Pp
-When 
+When
 .Dv LINEMODE
 is enabled, character processing is done on the
 local system, under the control of the remote system.  When input
@@ -227,7 +227,7 @@ to turn off and on the local echo
 (this would mostly be used to enter passwords
 without the password being echoed).
 .Pp
-If the 
+If the
 .Dv LINEMODE
 option is enabled, or if the
 .Ic localchars
@@ -242,7 +242,7 @@ and
 characters are trapped locally, and sent as
 .Tn TELNET
 protocol sequences to the remote side.
-If 
+If
 .Dv LINEMODE
 has ever been enabled, then the user's
 .Ic susp
@@ -253,9 +253,9 @@ are also sent as
 protocol sequences,
 and
 .Ic quit
-is sent as a 
+is sent as a
 .Dv TELNET ABORT
-instead of 
+instead of
 .Dv BREAK
 There are options (see
 .Ic toggle
@@ -296,7 +296,7 @@ and
 commands).
 .Pp
 .Bl -tag -width "mode type"
-.It Ic auth Ar argument ... 
+.It Ic auth Ar argument ...
 The auth command manipulates the information sent through the
 .Dv TELNET AUTHENTICATE
 option.  Valid arguments for the
@@ -320,7 +320,7 @@ authentication.
 Close a
 .Tn TELNET
 session and return to command mode.
-.It Ic display Ar argument ... 
+.It Ic display Ar argument ...
 Displays all, or some, of the
 .Ic set
 and
@@ -417,7 +417,7 @@ Valid arguments for the
 .Ic environ
 command are:
 .Bl -tag -width Fl
-.It Ic define Ar variable value 
+.It Ic define Ar variable value
 Define the variable
 .Ar variable
 to have a value of
@@ -427,15 +427,15 @@ The
 .Ar value
 may be enclosed in single or double quotes so
 that tabs and spaces may be included.
-.It Ic undefine Ar variable 
+.It Ic undefine Ar variable
 Remove
 .Ar variable
 from the list of environment variables.
-.It Ic export Ar variable 
+.It Ic export Ar variable
 Mark the variable
 .Ar variable
 to be exported to the remote side.
-.It Ic unexport Ar variable 
+.It Ic unexport Ar variable
 Mark the variable
 .Ar variable
 to not be exported unless
@@ -469,7 +469,7 @@ If the remote side also supports the concept of
 suspending a user's session for later reattachment,
 the logout argument indicates that you
 should terminate the session immediately.
-.It Ic mode Ar type 
+.It Ic mode Ar type
 .Ar Type
 is one of several options, depending on the state of the
 .Tn TELNET
@@ -490,40 +490,40 @@ Enable the
 option, or, if the remote side does not understand the
 .Dv LINEMODE
 option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode.
-.It Ic isig Pq Ic \-isig 
+.It Ic isig Pq Ic \-isig
-Attempt to enable (disable) the 
+Attempt to enable (disable) the
 .Dv TRAPSIG
-mode of the 
+mode of the
 .Dv LINEMODE
 option.
-This requires that the 
+This requires that the
 .Dv LINEMODE
 option be enabled.
-.It Ic edit Pq Ic \-edit 
+.It Ic edit Pq Ic \-edit
-Attempt to enable (disable) the 
+Attempt to enable (disable) the
 .Dv EDIT
-mode of the 
+mode of the
 .Dv LINEMODE
 option.
-This requires that the 
+This requires that the
 .Dv LINEMODE
 option be enabled.
-.It Ic softtabs Pq Ic \-softtabs 
+.It Ic softtabs Pq Ic \-softtabs
-Attempt to enable (disable) the 
+Attempt to enable (disable) the
 .Dv SOFT_TAB
-mode of the 
+mode of the
 .Dv LINEMODE
 option.
-This requires that the 
+This requires that the
 .Dv LINEMODE
 option be enabled.
-.It Ic litecho Pq Ic \-litecho 
+.It Ic litecho Pq Ic \-litecho
-Attempt to enable (disable) the 
+Attempt to enable (disable) the
 .Dv LIT_ECHO
-mode of the 
+mode of the
 .Dv LINEMODE
 option.
-This requires that the 
+This requires that the
 .Dv LINEMODE
 option be enabled.
 .It Ic ?\&
@@ -579,7 +579,7 @@ Close any open
 session and exit
 .Nm telnet  .
 An end of file (in command mode) will also close a session and exit.
-.It Ic send Ar arguments 
+.It Ic send Ar arguments
 Sends one or more special character sequences to the remote host.
 The following are the arguments which may be specified
 (more than one argument may be specified at a time):
@@ -701,8 +701,8 @@ Prints out help information for the
 .Ic send
 command.
 .El
-.It Ic set Ar argument value 
+.It Ic set Ar argument value
-.It Ic unset Ar argument value 
+.It Ic unset Ar argument value
 The
 .Ic set
 command will set any one of a number of
@@ -1002,16 +1002,16 @@ Displays the legal
 .Pq Ic unset
 commands.
 .El
-.It Ic slc Ar state 
+.It Ic slc Ar state
 The
 .Ic slc
 command (Set Local Characters) is used to set
 or change the state of the the special
-characters when the 
+characters when the
 .Dv TELNET LINEMODE
 option has
 been enabled.  Special characters are characters that get
-mapped to 
+mapped to
 .Tn TELNET
 commands sequences (like
 .Ic ip
@@ -1037,7 +1037,7 @@ was started.
 .It Ic import
 Switch to the remote defaults for the special characters.
 The remote default characters are those of the remote system
-at the time when the 
+at the time when the
 .Tn TELNET
 connection was established.
 .It Ic ?\&
@@ -1050,7 +1050,7 @@ Show the current status of
 .Nm telnet  .
 This includes the peer one is connected to, as well
 as the current mode.
-.It Ic toggle Ar arguments ... 
+.It Ic toggle Ar arguments ...
 Toggle (between
 .Dv TRUE
 and
@@ -1319,13 +1319,13 @@ Suspend
 .Nm telnet  .
 This command only works when the user is using the
 .Xr csh  1  .
-.It Ic \&! Op Ar command 
+.It Ic \&! Op Ar command
 Execute a single command in a subshell on the local
 system.  If
 .Ic command
 is omitted, then an interactive
 subshell is invoked.
-.It Ic ?\& Op Ar command 
+.It Ic ?\& Op Ar command
 Get help.  With no arguments,
 .Nm telnet
 prints a help summary.
@@ -1361,7 +1361,7 @@ command appeared in
 On some remote systems, echo has to be turned off manually when in
 \*(Lqold line by line\*(Rq mode.
 .Pp
-In \*(Lqold line by line\*(Rq mode or 
+In \*(Lqold line by line\*(Rq mode or
 .Dv LINEMODE
 the terminal's
 .Ic eof

appl/telnet/telnetd/telnetd.8

@@ -75,7 +75,7 @@ option may be used to start up
 .Nm telnetd
 manually, instead of through
 .Xr inetd 8 .
-If started up this way, 
+If started up this way,
 .Ar port
 may be specified to run
 .Nm telnetd
@@ -153,7 +153,7 @@ to print out debugging information
 to the connection, allowing the user to see what
 .Nm telnetd
 is doing.
-There are several possible values for 
+There are several possible values for
 .Ar debugmode :
 .Bl -tag -width exercise
 .It Cm options
@@ -161,7 +161,7 @@ Prints information about the negotiation of
 .Tn TELNET
 options.
 .It Cm report
-Prints the 
+Prints the
 .Cm options
 information, plus some additional information
 about what processing is going on.
@@ -261,7 +261,7 @@ not warn when a user is trying to login with a cleartext password.
 operates by allocating a pseudo-terminal device (see
 .Xr pty 4 )
 for a client, then creating a login process which has
-the slave side of the pseudo-terminal as 
+the slave side of the pseudo-terminal as
 .Dv stdin ,
 .Dv stdout
 and
@@ -275,7 +275,7 @@ between the remote client and the login process.
 .Pp
 When a
 .Tn TELNET
-session is started up, 
+session is started up,
 .Nm telnetd
 sends
 .Tn TELNET

kadmin/kadmin.8

@@ -43,10 +43,10 @@
 .Sh DESCRIPTION
 The
 .Nm
-program is used to make modification to the Kerberos database, either remotely via the 
+program is used to make modification to the Kerberos database, either remotely via the
 .Xr kadmind 8
-daemon, or locally (with the 
+daemon, or locally (with the
-.Fl l 
+.Fl l
 option).
 .Pp
 Supported options:
@@ -93,12 +93,12 @@ port to use
 local admin mode
 .El
 .Pp
-If no 
+If no
 .Ar command
 is given on the command line,
-.Nm 
+.Nm
 will prompt for commands to process. Commands include:
-.\" not using a list here, since groff apparently gets confused 
+.\" not using a list here, since groff apparently gets confused
 .\" with nested Xo/Xc
 .Bd -ragged -offset indent
 .Nm add
@@ -236,7 +236,7 @@ reads a previously dumped database, and re-creates that database from scratch
 .Ar file
 .Pp
 .Bd -ragged -offset indent
-similar to 
+similar to
 .Nm list
 but just modifies the database with the entries in the dump file
 .Ed

kadmin/kadmind.8

@@ -29,21 +29,22 @@
 .Sh DESCRIPTION
 .Nm
 listens for requests for changes to the Kerberos database and performs
-these, subject to permissions.  When starting, if stdin is a socket it assumes that it has been started by 
+these, subject to permissions.  When starting, if stdin is a socket it
+assumes that it has been started by
 .Xr inetd 8 ,
 otherwise it behaves as a daemon, forking processes for each new
-connection. The 
+connection. The
 .Fl -debug
-option causes 
+option causes
 .Nm
-to accept exactly one connection, which is useful for debugging. 
+to accept exactly one connection, which is useful for debugging.
 .Pp
 If built with krb4 support, it implements both the Heimdal Kerberos 5
 administrative protocol and the Kerberos 4 protocol. Password changes
 via the Kerberos 4 protocol are also performed by
 .Nm kadmind ,
 but the
-.Xr kpasswdd 8 
+.Xr kpasswdd 8
 daemon is responsible for the Kerberos 5 password changing protocol
 (used by
 .Xr kpasswd 1 )
@@ -119,7 +120,7 @@ enable debugging
 ports to listen to. By default, if run as a daemon, it listen to ports
 749, and 751 (if built with Kerberos 4 support), but you can add any
 number of ports with this option. The port string is a whitespace
-separated list of port specifications, with the special string 
+separated list of port specifications, with the special string
 .Dq +
 representing the default set of ports.
 .El
@@ -142,7 +143,7 @@ mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
 .Ed
 .\".Sh DIAGNOSTICS
 .Sh SEE ALSO
-.Xr kadmin 1 ,
 .Xr kpasswd 1 ,
+.Xr kadmin 8 ,
 .Xr kdc 8 ,
 .Xr kpasswdd 8

kdc/hprop.8

@@ -70,7 +70,7 @@ The database to be propagated.
 .It Xo
 .Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|krb4-db|kaserver
 .Xc
-Specifies the type of the source database. Alternatives include: 
+Specifies the type of the source database. Alternatives include:
 
 .Bl -tag -width krb4-dump -compact -offset indent
 .It heimdal
@@ -140,13 +140,13 @@ Also dump the principals marked as special in the kaserver database.
 .Fl 4 ,
 .Fl -v4-db
 .Xc
-Deprecated, identical to 
+Deprecated, identical to
 .Sq --source=krb4-db .
 .It Xo
 .Fl K ,
 .Fl -ka-db
 .Xc
-Deprecated, identical to 
+Deprecated, identical to
 .Sq --source=kaserver .
 .El
 .Sh EXAMPLES

kdc/kdc.8

@@ -89,14 +89,14 @@ will listen on all the locally configured addresses.  If only a subset
 is desired, or the automatic detection fails, this option might be used.
 .El
 .Pp
-All activities , are logged to one or more destinations, see 
+All activities , are logged to one or more destinations, see
 .Xr krb5.conf 5 ,
 and
 .Xr krb5_openlog 3 .
 The entity used for logging is
 .Nm kdc .
 .Sh CONFIGURATION FILE
-The configuration file has the same syntax as the 
+The configuration file has the same syntax as the
 .Pa krb5.conf
 file (you can actually put the configuration in
 .Pa /etc/krb5.conf ,

kuser/kinit.1

@@ -90,8 +90,8 @@ Get ticket that can be forwarded to another host.
 .Xc
 Don't ask for a password, but instead get the key from the specified
 keytab.
-.It Xo 
+.It Xo
-.Fl l Ar time Ns , 
+.Fl l Ar time Ns ,
 .Fl -lifetime= Ns Ar time
 .Xc
 Specifies the lifetime of the ticket. The argument can either be in
@@ -174,13 +174,13 @@ Request a ticket with no addresses.
 .Fl -anonymous
 .Xc
 Request an anonymous ticket (which means that the ticket will be
-issued to an anonymous principal, typically 
+issued to an anonymous principal, typically
 .Dq anonymous@REALM).
 .El
 .Pp
 The following options are only available if
-.Nm 
+.Nm
-has been compiled with support for Kerberos 4. 
+has been compiled with support for Kerberos 4.
 .Bl -tag -width Ds
 .It Xo
 .Fl 4 ,
@@ -199,12 +199,12 @@ Gets AFS tickets, converts them to version 4 format, and stores them
 in the kernel. Only useful if you have AFS.
 .El
 .Pp
-The 
+The
 .Ar forwardable ,
 .Ar proxiable ,
 .Ar ticket_life ,
 and
-.Ar renewable_life 
+.Ar renewable_life
 options can be set to a default value from the
 .Dv appdefaults
 section in krb5.conf, see
@@ -212,7 +212,7 @@ section in krb5.conf, see
 .Pp
 If  a
 .Ar command
-is given, 
+is given,
 .Nm kinit
 will setup new credentials caches, and AFS PAG, and then run the given
 command. When it finishes the credentials will be removed.

kuser/klist.1

@@ -82,7 +82,7 @@ pre-authenticated
 hardware authenticated
 .El
 .Pp
-This information is also output with the 
+This information is also output with the
 .Fl -verbose
 option, but in a more verbose way.
 .It Xo

lib/des/des.1

@@ -1,4 +1,4 @@
-.TH DES 1 
+.TH DES 1
 .SH NAME
 des - encrypt or decrypt data using Data Encryption Standard
 .SH SYNOPSIS
@@ -134,7 +134,7 @@ Does nothing - allowed for compatibility with sunOS des(1) command.
 Does nothing - allowed for compatibility with sunOS des(1) command.
 .TP
 .B "\-k \fIkey\fP"
-Use the encryption 
+Use the encryption
 .I key
 specified.
 .TP

lib/kafs/kafs.3

@@ -49,26 +49,26 @@ obtains new tokens (and possibly tickets) for the specified
 .Fa cell
 and
 .Fa realm .
-If 
+If
 .Fa cell
-is 
+is
 .Dv NULL ,
-the local cell is used. If 
+the local cell is used. If
-.Fa realm 
+.Fa realm
 is
 .Dv NULL ,
 the function tries to guess what realm to use. Unless you  have some good knowledge of what cell or realm to use, you should pass
-.Dv NULL . 
+.Dv NULL .
-.Fn krb_afslog 
+.Fn krb_afslog
 will use the real user-id for the
 .Dv ViceId
-field in the token, 
+field in the token,
 .Fn krb_afslog_uid
 will use
 .Fa uid .
 .Pp
 .\" .Fn krb5_afslog ,
-.\" and 
+.\" and
 .\" .Fn krb5_afslog_uid
 .\" are the Kerberos 5 equivalents of
 .\" .Fn krb_afslog ,
@@ -83,15 +83,15 @@ will use
 .\" function will be used.
 .\" .Pp
 .Fn k_afs_cell_of_file
-will in 
+will in
 .Fa cell
 return the cell of a specified file, no more than
 .Fa len
-characters is put in 
+characters is put in
 .Fa cell .
 .Pp
 .Fn k_pioctl
-does a 
+does a
 .Fn pioctl
 syscall with the specified arguments. This function is equivalent to
 .Fn lpioctl .
@@ -121,14 +121,14 @@ and
 .Fn krb_afslog_uid
 returns 0 on success, or a kerberos error number on failure.
 .Fn k_afs_cell_of_file ,
-.Fn k_pioctl , 
+.Fn k_pioctl ,
 .Fn k_setpag ,
 and
 .Fn k_unlog
 all return the value of the underlaying system call, 0 on success.
 .Sh EXAMPLES
 The following code from
-.Nm login 
+.Nm login
 will obtain a new PAG and tokens for the local cell and the cell of
 the users home directory.
 .Bd -literal
@@ -141,7 +141,7 @@ if (k_hasafs()) {
 }
 .Ed
 .Sh ERRORS
-If any of these functions (apart from 
+If any of these functions (apart from
 .Fn k_hasafs )
 is called without AFS beeing present in the kernel, the process will
 usually (depending on the operating system) receive a SIGSYS signal.

lib/krb5/kerberos.8

@@ -9,14 +9,14 @@
 .Sh DESCRIPTION
 Kerberos is a network authentication system. Its purpose is to
 securely authenticate users and services in an insecure network
-environment. 
+environment.
 .Pp
 This is done with a Kerberos server acting as a trusted third party,
 keeping a database with secret keys for all users and services
 (collectively called
 .Em principals ) .
 .Pp
-Each principal belongs to exactly one 
+Each principal belongs to exactly one
 .Em realm ,
 which is the administrative domain in Kerberos. A realm usually
 corresponds to an organisation, and the realm should normally be
@@ -25,14 +25,14 @@ or more Kerberos servers.
 .Pp
 The authentication process involves exchange of
 .Sq tickets
-and 
+and
-.Sq authenticators 
+.Sq authenticators
 which together prove the principal's identity.
 .Pp
 When you login to the Kerberos system, either through the normal
 system login or with the
 .Xr kinit 1
-program, you acquire a 
+program, you acquire a
 .Em ticket granting ticket
 which allows you to get new tickets for other services, such as
 .Ic telnet

lib/krb5/krb5.conf.5

@@ -7,7 +7,7 @@
 .Nm /etc/krb5.conf
 .Nd configuration file for Kerberos 5
 .Sh DESCRIPTION
-The 
+The
 .Nm
 file specifies several configuration parameters for the Kerberos 5
 library, as well as for some programs.
@@ -78,7 +78,7 @@ Default renewable ticket lifetime.
 .It Li [libdefaults]
 .Bl -tag -width "xxx" -offset indent
 .It Li default_realm = Va REALM
-Default realm to use, this is also known as your 
+Default realm to use, this is also known as your
 .Dq local realm .
 The default is the result of
 .Fn krb5_get_host_realm "local hostname" .
@@ -89,7 +89,7 @@ times. Default is 300 seconds (five minutes).
 Maximum time to wait for a reply from the kdc, default is 3 seconds.
 .It v4_name_convert
 .It v4_instance_resolve
-These are decribed in the 
+These are decribed in the
 .Xr krb5_425_conv_principal  3
 manual page.
 .It Li capath = {
@@ -263,12 +263,12 @@ verify the addresses in the tickets used in tgs requests.
 .\" XXX
 .It allow-null-ticket-addresses = Va BOOL
 allow addresses-less tickets.
-.\" XXX 
+.\" XXX
 .It allow-anonymous = Va BOOL
 if the kdc is allowed to hand out anonymous tickets.
 .It encode_as_rep_as_tgs_rep = Va BOOL
 encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
-.\" XXX 
+.\" XXX
 .It kdc_warn_pwexpire = Va TIME
 the time before expiration that the user should be warned that her
 password is about to expire.
@@ -292,7 +292,7 @@ if
 .Ar etype
 is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
 .Bl -tag -width "xxx" -offset indent
-.It v5 
+.It v5
 The kerberos 5 salt
 .Va pw-salt
 .It v4

lib/krb5/krb5_425_conv_principal.3

@@ -42,11 +42,11 @@ is non-NULL, it will be called for each candidate principal.
 .Fa func
 should return true if the principal was
 .Dq good .
-To accomplish this, 
+To accomplish this,
-.Fn krb5_425_conv_principal_ext 
+.Fn krb5_425_conv_principal_ext
 will look up the name in
 .Pa krb5.conf .
-It first looks in the 
+It first looks in the
 .Li v4_name_convert/host
 subsection, which should contain a list of version 4 names whose
 instance should be treated as a hostname. This list can be specified
@@ -57,7 +57,7 @@ section), or in the
 section.  If the name is found the resulting name of the principal
 will be the value of this binding. The instance is then first looked
 up in
-.Li v4_instance_convert 
+.Li v4_instance_convert
 for the specified realm. If found the resulting value will be used as
 instance (this can be used for special cases), no further attempts
 will be made to find a conversion if this fails (with
@@ -74,7 +74,7 @@ specific realm.
 .Pp
 On the other hand, if the name is not found in a
 .Li host
-section, it is looked up in a 
+section, it is looked up in a
 .Li v4_name_convert/plain
 binding. If found here the name will be converted, but the instance
 will be untouched.
@@ -99,9 +99,9 @@ config file, so you can override these defaults.
 .Fn krb5_425_conv_principal
 will call
 .Fn krb5_425_conv_principal_ext
-with 
+with
 .Dv NULL
-as 
+as
 .Fa func ,
 and the value of
 .Li v4_instance_resolve
@@ -111,24 +111,24 @@ section) as
 .Fa resolve .
 .Pp
 .Fn krb5_524_conv_principal
-basically does the opposite of 
+basically does the opposite of
 .Fn krb5_425_conv_principal ,
 it just doesn't have to look up any names, but will instead truncate
 instances found to belong to a host principal. The
-.Fa name , 
+.Fa name ,
-.Fa instance , 
+.Fa instance ,
-and 
+and
 .Fa realm
 should be at least 40 characters long.
 .Sh EXAMPLES
 Since this is confusing an example is in place.
 .Pp
-Assume that we have the 
+Assume that we have the
-.Dq foo.com , 
+.Dq foo.com ,
-and 
+and
-.Dq bar.com  
+.Dq bar.com
-domains that have shared a single version 4 realm, FOO.COM. The version 4 
+domains that have shared a single version 4 realm, FOO.COM. The version 4
-.Pa krb.realms 
+.Pa krb.realms
 file looked like:
 .Bd -literal -offset indent
 foo.com		FOO.COM
@@ -167,19 +167,19 @@ ftp.other	\(-> ftp/other.foo.com
 other.a-host	\(-> other/a-host
 .Ed
 .Pp
-The first three are what you expect. If you remove the 
+The first three are what you expect. If you remove the
 .Dq v4_domains ,
 the fourth entry will result in an error (since the host
 .Dq other
-can't be found). Even if 
+can't be found). Even if
-.Dq a-host 
+.Dq a-host
 is a valid host name, the last entry will not be converted, since the
 .Dq other
 name is not known to represent a host-type principal.
 If you turn off
 .Dq v4_instance_resolve
 the second example will result in
-.Dq ftp/b-host.foo.com 
+.Dq ftp/b-host.foo.com
 (because of the default domain). And all of this is of course only
 valid if you have working name resolving.
 .Sh SEE ALSO

lib/krb5/krb5_appdefault.3

@@ -17,14 +17,14 @@
 .Ft void
 .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
 .Sh DESCRIPTION
-These functions get application application defaults from the 
+These functions get application application defaults from the
 .Dv appdefaults
 section of the
-.Xr krb5.conf 5 
+.Xr krb5.conf 5
 configuration file. These defaults can be specified per application,
 and/or per realm.
 .Pp
-These values will be looked for in 
+These values will be looked for in
 .Xr krb5.conf 5 ,
 in order of descending importance.
 .Bd -literal -offset indent
@@ -46,7 +46,7 @@ in order of descending importance.
 is the name of the application, and
 .Fa realm
 is the realm name. If the realm is omitted it will not be used for
-resolving values. 
+resolving values.
 .Fa def_val
 is the value to return if no value is found in
 .Xr krb5.conf 5 .

lib/krb5/krb5_auth_context.3

@@ -119,9 +119,9 @@
 The
 .Nm krb5_auth_context
 structure holds all context related to an authenticated connection, in
-a similar way to 
+a similar way to
 .Nm krb5_context
-that holds the context for the thread or process.  
+that holds the context for the thread or process.
 .Nm krb5_auth_context
 is used by various functions that are directly related to
 authentication between the server/client. Example of data that this
@@ -138,18 +138,18 @@ and
 .Fn krb5_auth_con_setflags .
 The
 .Nm auth_context
-structure must be freed by 
+structure must be freed by
 .Fn krb5_auth_con_free .
 .Pp
 .Fn krb5_auth_con_getflags
 and
 .Fn krb5_auth_con_setflags
-gets and modifies the flags for a 
+gets and modifies the flags for a
 .Nm krb5_auth_context
 structure. Possible flags to set are:
 .Bl -tag -width Ds
 .It Dv KRB5_AUTH_CONTEXT_DO_TIME
-check timestamp on incoming packets. 
+check timestamp on incoming packets.
 .\".It Dv KRB5_AUTH_CONTEXT_RET_TIME
 .It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
 Generate and check sequence-number on each packet.
@@ -186,7 +186,7 @@ fetches the addresses from a file descriptor.
 .Pp
 .Fn krb5_auth_con_genaddrs
 fetches the address information from the given file descriptor
-.Fa fd 
+.Fa fd
 depending on the bitmap argument
 .Fa flags .
 .Pp
@@ -219,7 +219,7 @@ and thus no special handling is needed.
 is not a valid keyblock to
 .Fn krb5_auth_con_setkey .
 .Pp
-.Fn krb5_auth_con_setuserkey 
+.Fn krb5_auth_con_setuserkey
 is only useful when doing user to user authentication.
 .Fn krb5_auth_con_setkey
 is equivalent to
@@ -230,7 +230,7 @@ is equivalent to
 .Fn krb5_auth_con_getremotesubkey
 and
 .Fn krb5_auth_con_setremotesubkey
-gets and sets the keyblock for the local and remote subkey. The keyblock returned by 
+gets and sets the keyblock for the local and remote subkey. The keyblock returned by
 .Fn krb5_auth_con_getlocalsubkey
 and
 .Fn krb5_auth_con_getremotesubkey
@@ -259,7 +259,7 @@ gets and gets the keytype of the keyblock in
 .Pp
 .Fn krb5_auth_getauthenticator
 Retrieves the authenticator that was used during mutual
-authentication. The 
+authentication. The
 .Dv authenticator
 returned should be freed by calling
 .Fn krb5_free_authenticator .
@@ -275,7 +275,7 @@ allocates memory for and zeros the initial vector in the
 keyblock.
 .Pp
 .Fn krb5_auth_con_setivector
-sets the i_vector portion of 
+sets the i_vector portion of
 .Fa auth_context
 to
 .Fa ivector .

lib/krb5/krb5_build_principal.3

@@ -25,7 +25,7 @@
 .Sh DESCRIPTION
 These functions create a Kerberos 5 principal from a realm and a list
 of components.
-All of these functions return an allocated principal in the 
+All of these functions return an allocated principal in the
 .Fa principal
 parameter, this should be freed with
 .Fn krb5_free_principal
@@ -36,22 +36,22 @@ The
 functions take a
 .Fa realm
 and the length of the realm.  The
-.Fn krb5_build_principal 
+.Fn krb5_build_principal
 and
 .Fn krb5_build_principal_va
 also takes a list of components (zero-terminated strings), terminated
 with
 .Dv NULL .
 The
-.Fn krb5_build_principal_ext 
+.Fn krb5_build_principal_ext
-and 
+and
-.Fn krb5_build_principal_va_ext 
+.Fn krb5_build_principal_va_ext
 takes a list of length-value pairs, the list is terminated with a zero
 length.
 .Pp
-The 
+The
 .Fn krb5_make_principal
-is a wrapper around 
+is a wrapper around
 .Fn krb5_build_principal .
 If the realm is
 .Dv NULL ,

lib/krb5/krb5_config.3

@@ -20,8 +20,8 @@
 .Ft int
 .Fn krb5_config_get_time_default "krb5_context context" "krb5_config_section *c" "int def_value" "..."
 .Sh DESCRIPTION
-These functions get values from the 
+These functions get values from the
-.Xr krb5.conf 5 
+.Xr krb5.conf 5
 configuration file, or another configuration database specified by the
 .Fa c
 parameter.
@@ -39,11 +39,11 @@ option, defaulting to
 .Pp
 .Fn krb5_config_get_bool_default
 will convert the option value to a boolean value, where
-.Sq yes , 
+.Sq yes ,
 .Sq true ,
 and any non-zero number means
 .Dv TRUE ,
-and any other value 
+and any other value
 .Dv FALSE .
 .Pp
 .Fn krb5_config_get_int_default

lib/krb5/krb5_create_checksum.3

@@ -4,10 +4,10 @@
 .Dt NAME 3
 .Os HEIMDAL
 .Sh NAME
-.Nm krb5_checksum_is_collision_proof , 
+.Nm krb5_checksum_is_collision_proof ,
-.Nm krb5_checksum_is_keyed , 
+.Nm krb5_checksum_is_keyed ,
-.Nm krb5_checksumsize , 
+.Nm krb5_checksumsize ,
-.Nm krb5_create_checksum , 
+.Nm krb5_create_checksum ,
 .Nm krb5_verify_checksum
 .Nd creates and verifies checksums
 .Sh SYNOPSIS
@@ -22,15 +22,15 @@
 .Fn krb5_checksum_is_keyed "krb5_context context" "krb5_cksumtype type"
 .Sh DESCRIPTION
 These functions are used to create and verify checksums.
-.Fn krb5_create_checksum 
+.Fn krb5_create_checksum
 creates a checksum of the specified data, and puts it in
 .Fa result .
 If
 .Fa crypto
-is 
+is
 .Dv NULL ,
-.Fa usage_or_type 
+.Fa usage_or_type
-specifies the checksum type to use; it must not be keyed. Otherwise 
+specifies the checksum type to use; it must not be keyed. Otherwise
 .Fa crypto
 is an encryption context created by
 .Fn krb5_crypto_init ,
@@ -41,7 +41,7 @@ specifies a key-usage.
 .Fn krb5_verify_checksum
 verifies the
 .Fa checksum ,
-against the provided data. 
+against the provided data.
 .Pp
 .Fn krb5_checksum_is_collision_proof
 returns true is the specified checksum is collision proof (that it's
@@ -52,7 +52,7 @@ collision proof checksums are MD5, and SHA1, while CRC32 is not.
 .Fn krb5_checksum_is_keyed
 returns true if the specified checksum type is keyed (that the hash
 value is a function of both the data, and a separate key). Examples of
-keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The 
+keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The
 .Dq plain
 hash functions MD5, and SHA1 are not keyed.
 .\" .Sh EXAMPLE

lib/krb5/krb5_crypto_init.3

@@ -4,7 +4,7 @@
 .Dt NAME 3
 .Os HEIMDAL
 .Sh NAME
-.Nm krb5_crypto_init , 
+.Nm krb5_crypto_init ,
 .Nm krb5_crypto_destroy
 .Nd initialize encryption context
 .Sh SYNOPSIS

lib/krb5/krb5_encrypt.3

@@ -4,9 +4,9 @@
 .Dt KRB5_ENCRYPT 3
 .Os HEIMDAL
 .Sh NAME
-.Nm krb5_decrypt , 
+.Nm krb5_decrypt ,
-.Nm krb5_decrypt_EncryptedData , 
+.Nm krb5_decrypt_EncryptedData ,
-.Nm krb5_encrypt , 
+.Nm krb5_encrypt ,
 .Nm krb5_encrypt_EncryptedData
 .Nd encrypt and decrypt data
 .Sh SYNOPSIS
@@ -23,23 +23,23 @@
 These functions are used to encrypt and decrypt data.
 .Pp
 .Fn krb5_encrypt
-puts the encrypted version of 
+puts the encrypted version of
 .Fa data
 (of size
 .Fa len )
 in
 .Fa result .
-If the encryption type supports using derived keys, 
+If the encryption type supports using derived keys,
 .Fa usage
 should be the appropriate key-usage.
 .Fn krb5_encrypt_EncryptedData
 does the same as
 .Fn krb5_encrypt ,
 but it puts the encrypted data in a
-.Fa EncryptedData 
+.Fa EncryptedData
-structure instead. If 
+structure instead. If
-.Fa kvno 
+.Fa kvno
-is not zero, it will be put in the 
+is not zero, it will be put in the
 .Fa kvno field in the
 .Fa EncryptedData .
 .Pp

lib/krb5/krb5_free_addresses.3

@@ -11,10 +11,10 @@
 .Ft void
 .Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
 .Sh DESCRIPTION
-The 
+The
 .Fn krb5_free_addresses
 will free a list of addresses that has been created with
 .Fn krb5_get_all_client_addrs
-or with some other function. 
+or with some other function.
 .Sh SEE ALSO
 .Xr krb5_get_all_client_addrs 3

lib/krb5/krb5_free_principal.3

@@ -11,12 +11,12 @@
 .Ft void
 .Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
 .Sh DESCRIPTION
-The 
+The
 .Fn krb5_free_principal
 will free a principal that has been created with
 .Fn krb5_build_principal ,
 .Fn krb5_parse_name ,
-or with some other function. 
+or with some other function.
 .Sh SEE ALSO
 .Xr krb5_425_conv_principal 3 ,
 .Xr krb5_build_principal 3 ,

lib/krb5/krb5_get_all_client_addrs.3

@@ -8,11 +8,11 @@
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft "krb5_error_code"
-.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs" 
+.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
 .Ft "krb5_error_code"
-.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs" 
+.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs"
 .Sh DESCRIPTION
-These functions return in 
+These functions return in
 .Fa addrs
 a list of addresses associated with the local
 host.
@@ -24,15 +24,15 @@ to create sockets to listen to.
 The client version will also scan local interfaces (can be turned off
 by setting
 .Li libdefaults/scan_interfaces
-to false in 
+to false in
-.Pa krb5.conf ) , 
+.Pa krb5.conf ) ,
 but will not include loop-back addresses, unless there are no other
 addresses found. It will remove all addresses included in
 .Li libdefaults/ignore_addresses
 but will unconditionally include addresses in
 .Li libdefaults/extra_addresses .
 .Pp
-The returned addresses should be freed by calling 
+The returned addresses should be freed by calling
 .Fn krb5_free_addresses .
 .\".Sh EXAMPLE
 .Sh SEE ALSO

lib/krb5/krb5_get_krbhst.3

@@ -26,21 +26,21 @@
 .Sh DESCRIPTION
 These functions implement the old API to get a list of Kerberos hosts,
 and are thus similar to the
-.Fn krb5_krbhst_init 
+.Fn krb5_krbhst_init
-functions. However, since these functions returns 
+functions. However, since these functions returns
 .Em all
 hosts in one go, they potentially have to do more lookups than
 necessary. These functions remain for compatibility reasons.
 .Pp
 After a call to one of these functions,
-.Fa hostlist 
+.Fa hostlist
 is a
 .Dv NULL
 terminated list of strings, pointing to the requested Kerberos hosts. These should be freed with
-.Fn krb5_free_krbhst 
+.Fn krb5_free_krbhst
 when done with.
 .Sh EXAMPLE
-The following code will print the KDCs of the realm 
+The following code will print the KDCs of the realm
 .Dq MY.REALM .
 .Bd -literal -offset indent
 char **hosts, **p;

lib/krb5/krb5_keytab.3

@@ -142,7 +142,7 @@ the default keytab is used. The current default type is
 .Nm file .
 The default value can be changed in the configuration file
 .Pa /etc/krb5.conf
-by setting the variable 
+by setting the variable
 .Li [defaults]default_keytab_name .
 .Pp
 The keytab types that are implemented in Heimdal
@@ -154,7 +154,7 @@ store the keytab in a file, the type's name is
 The residual part is a filename.
 .It Nm keyfile
 store the keytab in a
-.Li AFS 
+.Li AFS
 keyfile (usually
 .Pa /usr/afs/etc/KeyFile ) ,
 the type's name is
@@ -182,7 +182,7 @@ key-type, key, key-version number, etc.
 .Nm krb5_kt_cursor
 holds the current position that is used when iterating through a
 keytab entry with
-.Fn krb5_kt_start_seq_get , 
+.Fn krb5_kt_start_seq_get ,
 .Fn krb5_kt_next_entry ,
 and
 .Fn krb5_kt_end_seq_get .
@@ -195,19 +195,19 @@ implementation.
 .Fn krb5_kt_resolve
 is the equvalent of an
 .Xr open 2
-on keytab. Resolve the keytab name in 
+on keytab. Resolve the keytab name in
 .Fa name
-into a keytab in 
+into a keytab in
 .Fa id .
 Returns 0 or an error. The opposite of
-.Fn krb5_kt_resolve 
+.Fn krb5_kt_resolve
-is 
+is
 .Fn krb5_kt_close .
 .Fn krb5_kt_close
 frees all resources allocated to the keytab.
 .Pp
 .Fn krb5_kt_default
-sets the argument 
+sets the argument
 .Fa id
 to the default keytab.
 Returns 0 or an error.
@@ -215,27 +215,27 @@ Returns 0 or an error.
 .Fn krb5_kt_default_name
 copy the name of the default keytab into
 .Fa name .
-Return 0 or KRB5_CONFIG_NOTENUFSPACE if 
+Return 0 or KRB5_CONFIG_NOTENUFSPACE if
 .Fa namesize
 is too short.
 .Pp
 .Fn krb5_kt_add_entry
 Add a new
 .Fa entry
-to the keytab 
+to the keytab
 .Fa id .
 .Li KRB5_KT_NOWRITE
 is returned if the keytab is a readonly keytab.
 .Pp
 .Fn krb5_kt_compare
-compares the passed in 
+compares the passed in
 .Fa entry
 against
 .Fa principal ,
 .Fa vno ,
 and
 .Fa enctype .
-Any of 
+Any of
 .Fa principal ,
 .Fa vno
 or
@@ -244,52 +244,52 @@ might be 0 which acts as a wildcard. Return TRUE if they compare the
 same, FALSE otherwise.
 .Pp
 .Fn krb5_kt_copy_entry_contents
-copies the contents of 
+copies the contents of
 .Fa in
-into 
+into
 .Fa out .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_get_name
-retrieves the name of the keytab 
+retrieves the name of the keytab
 .Fa keytab
-into 
+into
 .Fa name ,
 .Fa namesize .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_free_entry
-frees the contents of 
+frees the contents of
 .Fa entry .
 .Pp
 .Fn krb5_kt_start_seq_get
 sets
 .Fa cursor
-to point at the beginning of 
+to point at the beginning of
 .Fa id .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_next_entry
-gets the next entry from 
+gets the next entry from
 .Fa id
-pointed to by 
+pointed to by
 .Fa cursor
 and advance the
 .Fa cursor .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_end_seq_get
-releases all resources associated with 
+releases all resources associated with
 .Fa cursor .
 .Pp
 .Fn krb5_kt_get_entry
-retrieves the keytab entry for 
+retrieves the keytab entry for
 .Fa principal ,
-.Fa kvno, 
+.Fa kvno,
 .Fa enctype
-into 
+into
 .Fa entry
-from the keytab 
+from the keytab
 .Fa id .
 Returns 0 or an error.
 .Pp
@@ -298,16 +298,16 @@ reads the key identified by
 .Ns ( Fa principal ,
 .Fa vno ,
 .Fa enctype )
-from the keytab in 
+from the keytab in
 .Fa keyprocarg
-(the default if == NULL) into 
+(the default if == NULL) into
 .Fa *key .
 Returns 0 or an error.
 .Pp
 .Fn krb5_kt_remove_entry
-removes the entry 
+removes the entry
 .Fa entry
-from the keytab 
+from the keytab
 .Fa id .
 Returns 0 or an error.
 .Pp
@@ -332,14 +332,14 @@ main (int argc, char **argv)
 
     if (krb5_init_context (&context) != 0)
 	errx(1, "krb5_context");
-    
+
     ret = krb5_kt_default (context, &keytab);
     if (ret)
 	krb5_err(context, 1, ret, "krb5_kt_default");
 
     ret = krb5_kt_start_seq_get(context, keytab, &cursor);
     if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");	
+	krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
     while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
 	krb5_unparse_name_short(context, entry.principal, &principal);
 	printf("principal: %s\\n", principal);
@@ -348,7 +348,7 @@ main (int argc, char **argv)
     }
     ret = krb5_kt_end_seq_get(context, keytab, &cursor);
     if (ret)
-	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");	
+	krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
     krb5_free_context(context);
     return 0;
 }

lib/krb5/krb5_krbhst_init.3

@@ -36,10 +36,10 @@ administrative servers, the password changing servers, or the servers
 for Kerberos 4 ticket conversion.
 .Pp
 First a handle to a particular service is obtained by calling
-.Fn krb5_krbhst_init 
+.Fn krb5_krbhst_init
-with the 
+with the
 .Fa realm
-of interest and the type of service to lookup. The 
+of interest and the type of service to lookup. The
 .Fa type
 can be one of:
 .Pp
@@ -55,7 +55,7 @@ The
 is returned to the caller, and should be passed to the other
 functions.
 .Pp
-For each call to 
+For each call to
 .Fn krb5_krbhst_next
 information a new host is returned. The former function returns in
 .Fa host
@@ -73,7 +73,7 @@ typedef struct krb5_krbhst_info {
 } krb5_krbhst_info;
 .Ed
 .Pp
-The related function, 
+The related function,
 .Fn krb5_krbhst_next_as_string ,
 return the same information as a url-like string.
 .Pp
@@ -82,11 +82,11 @@ When there are no more hosts, these functions return
 .Pp
 To re-iterate over all hosts, call
 .Fn krb5_krbhst_reset
-and the next call to 
+and the next call to
 .Fn krb5_krbhst_next
 will return the first host.
 .Pp
-When done with the handle, 
+When done with the handle,
 .Fn krb5_krbhst_free
 should be called.
 .Pp
@@ -101,13 +101,13 @@ that will return a
 .Va struct addrinfo
 that can then be used for communicating with the server mentioned.
 .Sh EXAMPLE
-The following code will print the KDCs of the realm 
+The following code will print the KDCs of the realm
 .Dq MY.REALM .
 .Bd -literal -offset indent
 krb5_krbhst_handle handle;
 char host[MAXHOSTNAMELEN];
 krb5_krbhst_init(context, "MY.REALM", KRB5_KRBHST_KDC, &handle);
-while(krb5_krbhst_next_as_string(context, handle, 
+while(krb5_krbhst_next_as_string(context, handle,
 				 host, sizeof(host)) == 0)
     printf("%s\\n", host);
 krb5_krbhst_free(context, handle);

lib/krb5/krb5_openlog.3

@@ -12,14 +12,14 @@
 .Nm krb5_log ,
 .Nm krb5_vlog ,
 .Nm krb5_log_msg ,
-.Nm krb5_vlog_msg 
+.Nm krb5_vlog_msg
 .Nd Heimdal logging functions
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft "typedef void"
-.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data" 
+.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
 .Ft "typedef void"
-.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data" 
+.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data"
 .Ft krb5_error_code
 .Fn krb5_addlog_dest "krb5_context context" "krb5_log_facility *facility" "const char *destination"
 .Ft krb5_error_code
@@ -43,7 +43,7 @@ These functions logs messages to one or more destinations.
 .Pp
 The
 .Fn krb5_openlog
-function creates a logging 
+function creates a logging
 .Fa facility ,
 that is used to log messages. A facility consists of one or more
 destinations (which can be files or syslog or some other device). The
@@ -59,7 +59,7 @@ configuration file.  If no entry is found for
 the entry for
 .Li default
 is used, or if that is missing too,
-.Li SYSLOG 
+.Li SYSLOG
 will be used as destination.
 .Pp
 To close a logging facility, use the
@@ -72,7 +72,7 @@ To log a message to a facility use one of the functions
 .Fn krb5_vlog ,
 or
 .Fn krb5_vlog_msg .
-The functions ending in 
+The functions ending in
 .Li _msg
 return in
 .Fa reply
@@ -81,45 +81,45 @@ and should be freed with
 .Fn free .
 The
 .Fa format
-is a standard 
+is a standard
 .Fn printf
 style format string (but see the BUGS section).
 .Pp
-If you want better control of where things gets logged, you can instead of using 
+If you want better control of where things gets logged, you can instead of using
 .Fn krb5_openlog
-call 
+call
 .Fn krb5_initlog ,
 which just initializes a facility, but doesn't define any actual logging
 destinations. You can then add destinations with the
 .Fn krb5_addlog_dest
 and
-.Fn krb5_addlog_func 
+.Fn krb5_addlog_func
 functions.  The first of these takes a string specifying a logging
 destination, and adds this to the facility. If you want to do some
 non-standard logging you can use the
 .Fn krb5_addlog_func
 function, which takes a function to use when logging.
-The 
+The
 .Fa log
 function is called for each message with
 .Fa time
 being a string specifying the current time, and
 .Fa message
-the message to log. 
+the message to log.
 .Fa close
-is called when the facility is closed. You can pass application specific data in the 
+is called when the facility is closed. You can pass application specific data in the
-.Fa data 
+.Fa data
 parameter. The
 .Fa min
-and 
+and
 .Fa max
 parameter are the same as in a destination (defined below). To specify a
 max of infinity, pass -1.
 .Pp
 .Fn krb5_openlog
-calls 
+calls
 .Fn krb5_initlog
-and then calls 
+and then calls
 .Fn krb5_addlog_dest
 for each destination found.
 .Ss Destinations
@@ -148,9 +148,9 @@ get the name for one of these, you take the name of the macro passed
 to
 .Xr syslog 3 ,
 and remove the leading
-.Li LOG_ 
+.Li LOG_
 .No ( Li LOG_NOTICE
-becomes 
+becomes
 .Li NOTICE ) .
 The default values (as well as the values used for unrecognised
 values), are
@@ -182,8 +182,8 @@ specified value. If no range is specified, all messages gets logged.
 	default = STDERR
 .Ed
 .Pp
-This will log all messages from the 
+This will log all messages from the
-.Nm kdc 
+.Nm kdc
 program with level 0 to
 .Pa /var/log/kdc.log ,
 other messages will be logged to syslog with priority

lib/krb5/krb5_parse_name.3

@@ -15,12 +15,12 @@
 converts a string representation of a princpal name to
 .Nm krb5_principal .
 The
-.Fa principal 
+.Fa principal
 will point to allocated data that should be freed with
 .Fn krb5_free_principal .
 .Pp
 The string should consist of one or more name components separated with slashes
-.Pq Dq / , 
+.Pq Dq / ,
 optionally followed with an
 .Dq @
 and a realm name. A slash or @ may be contained in a name component by

lib/krb5/krb5_principal_get_realm.3

@@ -20,24 +20,24 @@ either the realm or a specific component. The returned string points
 to data inside the principal, so they are valid only as long as the
 principal exists.
 .Pp
-The 
+The
 .Fa component
 argument to
 .Fn krb5_principal_get_comp_string
 is the component number to return, from zero to the total number of
-components minus one. If a the requested component number is out of range, 
+components minus one. If a the requested component number is out of range,
 .Dv NULL
 is returned.
 .Pp
-These functions can be seen as a replacement for the 
+These functions can be seen as a replacement for the
 .Fn krb5_princ_realm ,
 .Fn krb5_princ_component
 and related macros, described as intermal in the MIT API
 specification. A difference is that these functions return strings,
 not
 .Dv krb5_data .
-A reason to return 
+A reason to return
-.Dv krb5_data 
+.Dv krb5_data
 was that it was believed that principal components could contain
 binary data, but this belief was unfounded, and it has been decided
 that principal components are infact UTF8, so it's safe to use zero

lib/krb5/krb5_sname_to_principal.3

@@ -14,30 +14,30 @@
 .Ft krb5_error_code
 .Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
 .Sh DESCRIPTION
-These functions create a 
+These functions create a
 .Dq service
 principal that can, for instance, be used to lookup a key in a keytab. For both these function the
-.Fa sname 
+.Fa sname
-parameter will be used for the first component of the created principal. If 
+parameter will be used for the first component of the created principal. If
 .Fa sname
 is
 .Dv NULL ,
 .Dq host
 will be used instead.
-.Fn krb5_sname_to_principal 
+.Fn krb5_sname_to_principal
-will use the passed 
+will use the passed
 .Fa hostname
-for the second component. If type 
+for the second component. If type
 .Dv KRB5_NT_SRV_HST
 this name will be looked up with
 .Fn gethostbyname .
-If 
+If
 .Fa hostname is
 .Dv NULL ,
 the local hostname will be used.
 .Pp
-.Fn krb5_sock_to_principal 
+.Fn krb5_sock_to_principal
-will use the 
+will use the
 .Dq sockname
 of the passed
 .Fa socket ,

lib/krb5/krb5_timeofday.3

@@ -8,9 +8,9 @@
 .Sh SYNOPSIS
 .Fd #include <krb5.h>
 .Ft "krb5_error_code"
-.Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret" 
+.Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret"
 .Ft "krb5_error_code"
-.Fn krb5_us_timeofday "krb5_context context" "int32_t *sec" "int32_t *usec" 
+.Fn krb5_us_timeofday "krb5_context context" "int32_t *sec" "int32_t *usec"
 .Sh DESCRIPTION
 .Fn krb5_timeofday
 returns the current time, but adjusted with the time difference

lib/krb5/krb5_unparse_name.3

@@ -18,7 +18,7 @@ This function takes a
 .Fa principal ,
 and will convert in to a printable representation with the same syntax as decribed in
 .Xr krb5_parse_name 3 .
-.Fa *name 
+.Fa *name
 will point to allocated data and should be freed by the caller.
 .Sh SEE ALSO
 .Xr krb5_425_conv_principal 3 ,

lib/krb5/krb5_verify_user.3

@@ -16,7 +16,7 @@
 .Sh DESCRIPTION
 The
 .Nm krb5_verify_user
-function verifies the password supplied by a user. 
+function verifies the password supplied by a user.
 The principal whose
 password will be verified is specified in
 .Fa principal .
@@ -43,7 +43,7 @@ The
 function does the same, except that it ignores the realm in
 .Fa principal
 and tries all the local realms (see
-.Xr krb5.conf 5 ) . 
+.Xr krb5.conf 5 ) .
 After a successful return, the principal is set to the authenticated
 realm. If the call fails, the principal will not be meaningful, and
 should only be freed with
@@ -78,7 +78,7 @@ main(int argc, char **argv)
     error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL);
     if (error)
         krb5_err(context, 1, error, "krb5_verify_user");
-	
+
     return 0;
 }
 .Ed

lib/krb5/krb5_warn.3

@@ -40,7 +40,7 @@ These functions prints a warning message to some destination.
 is a printf style format specifying the message to print. The forms not ending in an
 .Dq x
 prints the error string associated with
-.Fa code 
+.Fa code
 along with the message.
 The
 .Dq err
@@ -50,7 +50,7 @@ after printing the message.
 .Pp
 The
 .Fn krb5_set_warn_func
-function sets the destination for warning messages to the specified 
+function sets the destination for warning messages to the specified
 .Fa facility .
 Messages logged with the
 .Dq warn

lib/krb5/verify_krb5_conf.8

@@ -17,11 +17,11 @@ or the file given on the command line,
 and parses it, thereby verifying that the syntax is not correctly wrong.
 .Pp
 If the file is syntactically correct,
-.Nm 
+.Nm
 tries to verify that the contents of the file is of relevant nature.
 .Sh DIAGNOSTICS
-Possible output from 
+Possible output from
-.Nm 
+.Nm
 include:
 .Bl -tag -width "<path>"
 .It "<path>: failed to parse <something> as size/time/number/boolean"
@@ -36,7 +36,7 @@ recognised as one.
 .It <path>: unknown or wrong type
 Means that <path> is either is a string when it should be a list, vice
 versa, or just that
-.Nm 
+.Nm
 is confused.
 .It <path>: unknown entry
 Means that <string> is not known by

lib/roken/getarg.3

@@ -4,7 +4,7 @@
 .Dt GETARG 3
 .Os ROKEN
 .Sh NAME
-.Nm getarg , 
+.Nm getarg ,
 .Nm arg_printusage
 .Nd collect command line options
 .Sh SYNOPSIS
@@ -15,12 +15,12 @@
 .Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string"
 .Sh DESCRIPTION
 .Fn getarg
-collects any command line options given to a program in an easily used way. 
+collects any command line options given to a program in an easily used way.
-.Fn arg_printusage 
+.Fn arg_printusage
 pretty-prints the available options, with a short help text.
 .Pp
 .Fa args
-is the option specification to use, and it's an array of 
+is the option specification to use, and it's an array of
 .Fa struct getargs
 elements.
 .Fa num_args
@@ -43,7 +43,7 @@ and
 .Fa num_args
 as getarg;
 .Fa progname
-is the name of the program (to be used in the help text), and 
+is the name of the program (to be used in the help text), and
 .Fa extra_string
 is a string to print after the actual options to indicate more
 arguments. The usefulness of this function is realised only be people
@@ -57,10 +57,10 @@ struct has the following elements.
 struct getargs{
     const char *long_name;
     char short_name;
-    enum { arg_integer, 
+    enum { arg_integer,
-	   arg_string, 
+	   arg_string,
-	   arg_flag, 
+	   arg_flag,
-	   arg_negative_flag, 
+	   arg_negative_flag,
 	   arg_strings,
 	   arg_double,
            arg_collect
@@ -72,14 +72,14 @@ struct getargs{
 .Ed
 .Pp
 .Fa long_name
-is the long name of the option, it can be 
+is the long name of the option, it can be
 .Dv NULL ,
 if you don't want a long name.
-.Fa short_name 
+.Fa short_name
 is the characted to use as short option, it can be zero. If the option
 has a value the
 .Fa value
-field gets filled in with that value interpreted as specified by the 
+field gets filled in with that value interpreted as specified by the
 .Fa type
 field.
 .Fa help
@@ -107,13 +107,13 @@ should point to a
 the argument is a flag, and
 .Fa value
 should point to a
-.Fa int . 
+.Fa int .
 It gets filled in with either zero or one, depending on how the option
 is given, the normal case beeing one. Note that if the option isn't
 given, the value isn't altered, so it should be initialised to some
 useful default.
 .It Fa arg_negative_flag
-this is the same as 
+this is the same as
 .Fa arg_flag
 but it reverses the meaning of the flag (a given short option clears
 the flag), and the synopsis of a long option is negated.
@@ -121,7 +121,7 @@ the flag), and the synopsis of a long option is negated.
 the argument can be given multiple times, and the values are collected
 in an array;
 .Fa value
-should be a pointer to a 
+should be a pointer to a
 .Fa struct getarg_strings
 structure, which holds a length and a string pointer.
 .It Fa arg_double
@@ -132,7 +132,7 @@ should point to a
 .It Fa arg_collect
 allows more fine-grained control of the option parsing process.
 .Fa value
-should be a pointer to a 
+should be a pointer to a
 .Fa getarg_collect_info
 structure:
 .Bd -literal
@@ -151,7 +151,7 @@ typedef struct getarg_collect_info {
 .Pp
 With the
 .Fa func
-member set to a function to call, and 
+member set to a function to call, and
 .Fa data
 to some application specific data. The parameters to the collect function are:
 .Bl -inset
@@ -169,27 +169,27 @@ application specific data
 .Pp
 You can modify
 .Fa *optind ,
-and 
+and
 .Fa *optarg ,
 but to do this correct you (more or less) have to know about the inner
 workings of getarg.
-.Pp 
+.Pp
 You can skip parts of arguments by increasing
 .Fa *optarg
 (you could
-implement the 
+implement the
 .Fl z Ns Ar 3
 set of flags from
 .Nm gzip
 with this), or whole argument strings by increasing
 .Fa *optind
-(let's say you want a flag 
+(let's say you want a flag
 .Fl c Ar x y z
 to specify a coordinate); if you also have to set
 .Fa *optarg
 to a sane value.
 .Pp
-The collect function should return one of 
+The collect function should return one of
 .Dv ARG_ERR_NO_MATCH , ARG_ERR_BAD_ARG , ARG_ERR_NO_ARG
 on error, zero otherwise.
 .Pp
@@ -201,7 +201,7 @@ arguments, sans data, that where given to the collection function.
 Don't use this more this unless you absolutely have to.
 .El
 .Pp
-Option parsing is similar to what 
+Option parsing is similar to what
 .Xr getopt
 uses. Short options without arguments can be compressed
 .Pf ( Fl xyz
@@ -217,18 +217,18 @@ or
 Long option names are prefixed with -- (double dash), and the value
 with a = (equal),
 .Fl -foo= Ns Ar bar .
-Long option flags can either be specified as they are 
+Long option flags can either be specified as they are
 .Pf ( Fl -help ) ,
 or with an (boolean parsable) option
 .Pf ( Fl -help= Ns Ar yes ,
 .Fl -help= Ns Ar true ,
-or similar), or they can also be negated 
+or similar), or they can also be negated
 .Pf ( Fl -no-help
-is the same as 
+is the same as
 .Fl -help= Ns no ) ,
 and if you're really confused you can do it multiple times
 .Pf ( Fl -no-no-help= Ns Ar false ,
-or even 
+or even
 .Fl -no-no-help= Ns Ar maybe ) .
 .Sh EXAMPLE
 .Bd -literal
@@ -243,13 +243,13 @@ int include_catalog = 1;
 int help_flag;
 
 struct getargs args[] = {
-    { "source",      's', arg_string,  &source, 
+    { "source",      's', arg_string,  &source,
       "source of shippment", "city" },
-    { "destination", 'd', arg_string,  &destination, 
+    { "destination", 'd', arg_string,  &destination,
       "destination of shippment", "city" },
-    { "weight",      'w', arg_integer, &weight, 
+    { "weight",      'w', arg_integer, &weight,
       "weight of shippment", "tons" },
-    { "catalog",     'c', arg_negative_flag, &include_catalog, 
+    { "catalog",     'c', arg_negative_flag, &include_catalog,
       "include product catalog" },
     { "help",        'h', arg_flag, &help_flag }
 };
@@ -285,7 +285,7 @@ main(int argc, char **argv)
 .Pp
 The output help output from this program looks like this:
 .Bd -literal
-$ ship++ --help                                            
+$ ship++ --help
 Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
    [--weight=tons] [-w tons] [--no-catalog] [-c] [--help] [-h] stuff...
 -s city, --source=city      source of shippment
@@ -297,7 +297,7 @@ Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
 It should be more flexible, so it would be possible to use other more
 complicated option syntaxes, such as what
 .Xr ps 1 ,
-and 
+and
 .Xr tar 1 ,
 uses, or the AFS model where you can skip the flag names as long as
 the options come in the correct order.