From db8e287e41e72617c3306f1c5c7f63031590a93b Mon Sep 17 00:00:00 2001 From: Thomas Klausner Date: Sat, 21 May 2011 18:42:36 +0200 Subject: [PATCH] Use "Fl Fl" for long options. Signed-off-by: Love Hornquist Astrand --- admin/ktutil.8 | 46 ++++++------ appl/afsutil/afslog.1 | 44 +++++------ appl/afsutil/pagsh.1 | 14 ++-- appl/ftp/ftp/ftp.1 | 8 +- appl/ftp/ftpd/ftpd.8 | 16 ++-- appl/kf/kf.1 | 18 ++--- appl/kf/kfd.8 | 10 +-- appl/popper/popper.8 | 4 +- appl/push/pfrom.1 | 10 +-- appl/push/push.8 | 26 +++---- appl/rsh/rsh.1 | 30 ++++---- appl/rsh/rshd.8 | 14 ++-- appl/su/su.1 | 16 ++-- kadmin/kadmin.8 | 102 ++++++++++++------------- kadmin/kadmind.8 | 28 +++---- kcm/kcm.8 | 72 +++++++++--------- kdc/hprop.8 | 42 +++++------ kdc/hpropd.8 | 24 +++--- kdc/kdc.8 | 54 +++++++------- kdc/kstash.8 | 26 +++---- kdc/string2key.8 | 32 ++++---- kpasswd/kpasswd.1 | 6 +- kpasswd/kpasswdd.8 | 28 +++---- kuser/copy_cred_cache.1 | 26 +++---- kuser/kdestroy.1 | 20 ++--- kuser/kdigest.8 | 162 ++++++++++++++++++++-------------------- kuser/kgetcred.1 | 24 +++--- kuser/kimpersonate.8 | 44 +++++------ kuser/kinit.1 | 88 +++++++++++----------- kuser/klist.1 | 30 ++++---- kuser/kswitch.1 | 24 +++--- lib/kadm5/iprop-log.8 | 50 ++++++------- lib/roken/getarg.3 | 16 ++-- lib/roken/getarg.c | 6 +- tools/krb5-config.1 | 16 ++-- 35 files changed, 588 insertions(+), 588 deletions(-) diff --git a/admin/ktutil.8 b/admin/ktutil.8 index 1796b8f32..0b6e095cf 100644 --- a/admin/ktutil.8 +++ b/admin/ktutil.8 @@ -40,12 +40,12 @@ .Sh SYNOPSIS .Nm .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc -.Op Fl v | Fl -verbose -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl v | Fl Fl verbose +.Op Fl Fl version +.Op Fl h | Fl Fl help .Ar command .Op Ar args .Sh DESCRIPTION @@ -53,27 +53,27 @@ is a program for managing keytabs. Supported options: .Bl -tag -width Ds -.It Fl v , Fl -verbose +.It Fl v , Fl Fl verbose Verbose output. .El .Pp .Ar command can be one of the following: .Bl -tag -width srvconvert -.It add Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ -Oo Fl V Ar kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ -Oo Fl -enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ -Oo Fl -password= Ns Ar password Oc Oo Fl r Oc Oo Fl -random Oc \ -Oo Fl s Oc Oo Fl -no-salt Oc Oo Fl H Oc Op Fl -hex +.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ +Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ +Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ +Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ +Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the .Ar get command, which talks to the kadmin server. -.It change Oo Fl r Ar realm Oc Oo Fl -realm= Ns Ar realm Oc \ -Oo Fl -a Ar host Oc Oo Fl -admin-server= Ns Ar host Oc \ -Oo Fl -s Ar port Oc Op Fl -server-port= Ns Ar port +.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ +Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ +Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port Update one or several keys to new versions. By default, use the admin server for the realm of a keytab entry. Otherwise it will use the values specified by the options. @@ -85,11 +85,11 @@ Copies all the entries from to .Ar keytab-dest . .It get Oo Fl p Ar admin principal Oc \ -Oo Fl -principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ -Oo Fl -enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ -Oo Fl -realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ -Oo Fl -admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ -Oo Fl -server-port= Ns Ar server port Oc Ar principal ... +Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ +Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ +Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ +Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ +Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ... For each .Ar principal , generate a new key for it (creating it if it doesn't already exist), @@ -99,11 +99,11 @@ If no .Ar realm is specified, the realm to operate on is taken from the first principal. -.It list Oo Fl -keys Oc Op Fl -timestamp +.It list Oo Fl Fl keys Oc Op Fl Fl timestamp List the keys stored in the keytab. -.It remove Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ -Oo Fl V kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ -Oo Fl -enctype= Ns Ar enctype Oc +.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ +Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ +Oo Fl Fl enctype= Ns Ar enctype Oc Removes the specified key or keys. Not specifying a .Ar kvno removes keys with any version number. Not specifying an @@ -114,7 +114,7 @@ Renames all entries in the keytab that match the .Ar from-principal to .Ar to-principal . -.It purge Op Fl -age= Ns Ar age +.It purge Op Fl Fl age= Ns Ar age Removes all old versions of a key for which there is a newer version that is at least .Ar age diff --git a/appl/afsutil/afslog.1 b/appl/afsutil/afslog.1 index 707798cf9..41a8be74d 100644 --- a/appl/afsutil/afslog.1 +++ b/appl/afsutil/afslog.1 @@ -40,27 +40,27 @@ obtain AFS tokens .Sh SYNOPSIS .Nm -.Op Fl h | Fl -help -.Op Fl -no-v4 -.Op Fl -no-v5 -.Op Fl u | Fl -unlog -.Op Fl v | Fl -verbose -.Op Fl -version +.Op Fl h | Fl Fl help +.Op Fl Fl no-v4 +.Op Fl Fl no-v5 +.Op Fl u | Fl Fl unlog +.Op Fl v | Fl Fl verbose +.Op Fl Fl version .Oo Fl c Ar cell \*(Ba Xo -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc .Oc .Oo Fl k Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .Oc .Oo Fl P Ar principal \*(Ba Xo -.Fl -principal= Ns Ar principal +.Fl Fl principal= Ns Ar principal .Xc .Oc .Bk -words .Oo Fl p Ar path \*(Ba Xo -.Fl -file= Ns Ar path +.Fl Fl file= Ns Ar path .Xc .Oc .Ek @@ -77,51 +77,51 @@ decides upon. .Pp Supported options: .Bl -tag -width Ds -.It Fl -no-v4 +.It Fl Fl no-v4 This makes .Nm not try using Kerberos 4. -.It Fl -no-v5 +.It Fl Fl no-v5 This makes .Nm not try using Kerberos 5. .It Xo .Fl P Ar principal , -.Fl -principal Ar principal +.Fl Fl principal Ar principal .Xc select what Kerberos 5 principal to use. -.It Fl -cache Ar cache +.It Fl Fl cache Ar cache select what Kerberos 5 credential cache to use. -.Fl -principal +.Fl Fl principal overrides this option. .It Xo .Fl u , -.Fl -unlog +.Fl Fl unlog .Xc Destroy tokens instead of obtaining new. If this is specified, all other options are ignored (except for -.Fl -help +.Fl Fl help and -.Fl -version ) . +.Fl Fl version ) . .It Xo .Fl v , -.Fl -verbose +.Fl Fl verbose .Xc Adds more verbosity for what is actually going on. .It Xo .Fl c Ar cell, -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc This specified one or more cell names to get tokens for. .It Xo .Fl k Ar realm , -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc This is the Kerberos realm the AFS servers live in, this should normally not be specified. .It Xo .Fl p Ar path , -.Fl -file= Ns Ar path +.Fl Fl file= Ns Ar path .Xc This specified one or more file paths for which tokens should be obtained. diff --git a/appl/afsutil/pagsh.1 b/appl/afsutil/pagsh.1 index fb819b512..bf0ee6781 100644 --- a/appl/afsutil/pagsh.1 +++ b/appl/afsutil/pagsh.1 @@ -41,9 +41,9 @@ creates a new credential cache sandbox .Sh SYNOPSIS .Nm .Op Fl c Ar command-string -.Op Fl h | Fl -help -.Op Fl -version -.Op Fl -cache-type= Ns Ar string +.Op Fl h | Fl Fl help +.Op Fl Fl version +.Op Fl Fl cache-type= Ns Ar string .Ar command [args...] .Sh DESCRIPTION Supported options: @@ -54,14 +54,14 @@ Executes command(s) contained in .Ar command-string . .Xc .It Xo -.Fl -cache-type= Ns Ar string +.Fl Fl cache-type= Ns Ar string .Xc .It Xo .Fl h , -.Fl -help +.Fl Fl help .Xc .It Xo -.Fl -version +.Fl Fl version .Xc .El .Pp @@ -75,7 +75,7 @@ the credential cache type that was used at the time of .Nm invocation. The credential cache type can be controlled by the option -.Fl -cache-type . +.Fl Fl cache-type . .Sh EXAMPLES Create a new sandbox where new credentials can be used, while the old credentials can be used by other processes. diff --git a/appl/ftp/ftp/ftp.1 b/appl/ftp/ftp/ftp.1 index 5b8b8f642..b0a837d86 100644 --- a/appl/ftp/ftp/ftp.1 +++ b/appl/ftp/ftp/ftp.1 @@ -53,8 +53,8 @@ file transfer program .Op Fl t .Op Fl v .Op Fl x -.Op Fl -no-gss-bindings -.Op Fl -no-gss-delegate +.Op Fl Fl no-gss-bindings +.Op Fl Fl no-gss-delegate .Op Ar host .Sh DESCRIPTION .Nm @@ -103,10 +103,10 @@ Turn on passive mode. Enables debugging. .It Fl g Disables file name globbing. - .It Fl -no-gss-bindings + .It Fl Fl no-gss-bindings Don't use GSS-API bindings when talking to peer. IP addresses will not be checked to ensure they match. -.It Fl -no-gss-delegate +.It Fl Fl no-gss-delegate Disable delegation of GSSAPI credentials. .It Fl l Disables command line editing. diff --git a/appl/ftp/ftpd/ftpd.8 b/appl/ftp/ftpd/ftpd.8 index 0dfed9f75..b025b1ecd 100644 --- a/appl/ftp/ftpd/ftpd.8 +++ b/appl/ftp/ftpd/ftpd.8 @@ -47,11 +47,11 @@ .Op Fl p Ar port .Op Fl T Ar maxtimeout .Op Fl t Ar timeout -.Op Fl -gss-bindings -.Op Fl I | Fl -no-insecure-oob +.Op Fl Fl gss-bindings +.Op Fl I | Fl Fl no-insecure-oob .Op Fl u Ar default umask -.Op Fl B | Fl -builtin-ls -.Op Fl -good-chars= Ns Ar string +.Op Fl B | Fl Fl builtin-ls +.Op Fl Fl good-chars= Ns Ar string .Sh DESCRIPTION .Nm Ftpd is the @@ -101,7 +101,7 @@ Debugging information is written to the syslog using LOG_FTP. .It Fl g Anonymous users will get a umask of .Ar umask . -.It Fl -gss-bindings +.It Fl Fl gss-bindings require the peer to use GSS-API bindings (ie make sure IP addresses match). .It Fl i Open a socket and wait for a connection. This is mainly used for @@ -144,16 +144,16 @@ revert to the old behavior. Verbose mode. .It Xo .Fl B , -.Fl -builtin-ls +.Fl Fl builtin-ls .Xc use built-in ls to list files .It Xo -.Fl -good-chars= Ns Ar string +.Fl Fl good-chars= Ns Ar string .Xc allowed anonymous upload filename chars .It Xo .Fl I -.Fl -no-insecure-oob +.Fl Fl no-insecure-oob .Xc don't allow insecure out of band. Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning diff --git a/appl/kf/kf.1 b/appl/kf/kf.1 index c43026d75..92261a8bf 100644 --- a/appl/kf/kf.1 +++ b/appl/kf/kf.1 @@ -41,20 +41,20 @@ .Nm .Oo .Fl p Ar port | -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Oc .Oo .Fl l Ar login | -.Fl -login Ns = Ns Ar login +.Fl Fl login Ns = Ns Ar login .Oc .Oo .Fl c Ar ccache | -.Fl -ccache Ns = Ns Ar ccache +.Fl Fl ccache Ns = Ns Ar ccache .Oc .Op Fl F | -forwardable .Op Fl G | -no-forwardable .Op Fl h | -help -.Op Fl -version +.Op Fl Fl version .Ar host ... .Sh DESCRIPTION The @@ -65,17 +65,17 @@ Options supported are: .Bl -tag -width indent .It Xo .Fl p Ar port , -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Xc port to connect to .It Xo .Fl l Ar login , -.Fl -login Ns = Ns Ar login +.Fl Fl login Ns = Ns Ar login .Xc remote login name .It Xo .Fl c Ar ccache , -.Fl -ccache Ns = Ns Ar ccache +.Fl Fl ccache Ns = Ns Ar ccache .Xc remote cred cache .It Fl F , -forwardable @@ -83,7 +83,7 @@ forward forwardable credentials .It Fl G , -no-forwardable do not forward forwardable credentials .It Fl h , -help -.It Fl -version +.It Fl Fl version .El .Pp .Nm @@ -94,7 +94,7 @@ In order for .Nm to work you will need to acquire your initial ticket with forwardable flag, i.e. -.Nm kinit Fl -forwardable . +.Nm kinit Fl Fl forwardable . .Pp .Nm telnet is able to forward tickets by itself. diff --git a/appl/kf/kfd.8 b/appl/kf/kfd.8 index 847e24083..244f3c884 100644 --- a/appl/kf/kfd.8 +++ b/appl/kf/kfd.8 @@ -41,15 +41,15 @@ .Nm .Oo .Fl p Ar port | -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Oc .Op Fl i | -inetd .Oo .Fl R Ar regpag | -.Fl -regpag Ns = Ns Ar regpag +.Fl Fl regpag Ns = Ns Ar regpag .Oc .Op Fl h | -help -.Op Fl -version +.Op Fl Fl version .Sh DESCRIPTION This is the daemon for .Xr kf 1 . @@ -57,14 +57,14 @@ Supported options: .Bl -tag -width indent .It Xo .Fl p Ar port , -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Xc port to listen to .It Fl i , -inetd not started from inetd .It Xo .Fl R Ar regpag , -.Fl -regpag= Ns Ar regpag +.Fl Fl regpag= Ns Ar regpag .Xc path to regpag binary .El diff --git a/appl/popper/popper.8 b/appl/popper/popper.8 index a6515a0cb..f76360e76 100644 --- a/appl/popper/popper.8 +++ b/appl/popper/popper.8 @@ -47,7 +47,7 @@ POP3 server .Op Fl d .Op Fl i .Op Fl p Ar port -.Op Fl -address-log= Ns Pa file +.Op Fl Fl address-log= Ns Pa file .Sh DESCRIPTION .Nm serves mail via the Post Office Protocol. Supported options include: @@ -60,7 +60,7 @@ which authentication mode is acceptable, enables SASL (RFC2222), and .Ar otp enables OTP (RFC1938) authentication. Both disable plaintext passwords. -.It Fl -address-log= Ns Pa file +.It Fl Fl address-log= Ns Pa file Logs the addresses (along with a timestamp) of all clients to the specified file. This can be used to implement POP-before-SMTP authentication. diff --git a/appl/push/pfrom.1 b/appl/push/pfrom.1 index c3878c2b2..1210a6f33 100644 --- a/appl/push/pfrom.1 +++ b/appl/push/pfrom.1 @@ -39,13 +39,13 @@ .Nd "fetch a list of the current mail via POP" .Sh SYNOPSIS .Nm -.Op Fl 4 | Fl -krb4 -.Op Fl 5 | Fl -krb5 -.Op Fl v | Fl -verbose +.Op Fl 4 | Fl Fl krb4 +.Op Fl 5 | Fl Fl krb5 +.Op Fl v | Fl Fl verbose .Op Fl c | -count -.Op Fl -header +.Op Fl Fl header .Oo Fl p Ar port-spec \*(Ba Xo -.Fl -port= Ns Ar port-spec +.Fl Fl port= Ns Ar port-spec .Xc .Oc .Sh DESCRIPTION diff --git a/appl/push/push.8 b/appl/push/push.8 index 32a9eb351..557a7bb74 100644 --- a/appl/push/push.8 +++ b/appl/push/push.8 @@ -8,15 +8,15 @@ .Nd fetch mail via POP .Sh SYNOPSIS .Nm -.Op Fl 5 | Fl -krb5 -.Op Fl v | Fl -verbose -.Op Fl f | Fl -fork +.Op Fl 5 | Fl Fl krb5 +.Op Fl v | Fl Fl verbose +.Op Fl f | Fl Fl fork .Op Fl l | -leave -.Op Fl -from +.Op Fl Fl from .Op Fl c | -count -.Op Fl -headers Ns = Ns Ar headers +.Op Fl Fl headers Ns = Ns Ar headers .Oo Fl p Ar port-spec \*(Ba Xo -.Fl -port Ns = Ns Ar port-spec +.Fl Fl port Ns = Ns Ar port-spec .Xc .Oc .Ar po-box @@ -51,35 +51,35 @@ Supported options: .Bl -tag -width Ds .It Xo .Fl 5 , -.Fl -krb5 +.Fl Fl krb5 .Xc use Kerberos 5 (if compiled with support for Kerberos 5) .It Xo .Fl f , -.Fl -fork +.Fl Fl fork .Xc fork before starting to delete messages .It Xo .Fl l , -.Fl -leave +.Fl Fl leave .Xc don't delete fetched mail .It Xo -.Fl -from +.Fl Fl from .Xc behave like from. .It Xo .Fl c , -.Fl -count +.Fl Fl count .Xc first print how many messages and bytes there are. .It Xo -.Fl -headers Ns = Ns Ar headers +.Fl Fl headers Ns = Ns Ar headers .Xc a list of comma-separated headers that should get printed. .It Xo .Fl p Ar port-spec , -.Fl -port Ns = Ns Ar port-spec +.Fl Fl port Ns = Ns Ar port-spec .Xc use this port instead of the default .Ql kpop diff --git a/appl/rsh/rsh.1 b/appl/rsh/rsh.1 index b5e96637e..295a94ec0 100644 --- a/appl/rsh/rsh.1 +++ b/appl/rsh/rsh.1 @@ -63,7 +63,7 @@ Valid options are: .Bl -tag -width Ds .It Xo .Fl 4 , -.Fl -krb4 +.Fl Fl krb4 .Xc The .Fl 4 @@ -72,7 +72,7 @@ authentication mechanisms will be tried, but in some cases more explicit control is desired. .It Xo .Fl 5 , -.Fl -krb5 +.Fl Fl krb5 .Xc The .Fl 5 @@ -81,7 +81,7 @@ option requests Kerberos 5 authentication. This is analogous to the option. .It Xo .Fl K , -.Fl -broken +.Fl Fl broken .Xc The .Fl K @@ -90,7 +90,7 @@ mode relies on reserved ports. The long name is an indication of how good this is. .It Xo .Fl n , -.Fl -no-input +.Fl Fl no-input .Xc The .Fl n @@ -105,13 +105,13 @@ Enable socket debugging. .It Xo .Fl e , -.Fl -no-stderr +.Fl Fl no-stderr .Xc Don't use a separate socket for the stderr stream. This can be necessary if rsh-ing through a NAT bridge. .It Xo .Fl x , -.Fl -encrypt +.Fl Fl encrypt .Xc The .Fl x @@ -132,7 +132,7 @@ section of when using Kerberos 5. .It Xo .Fl f , -.Fl -forward +.Fl Fl forward .Xc Forward Kerberos 5 credentials to the remote host. Also settable via @@ -141,7 +141,7 @@ Also settable via .Xr krb5.conf ) . .It Xo .Fl F , -.Fl -forwardable +.Fl Fl forwardable .Xc Make the forwarded credentials re-forwardable. Also settable via @@ -150,7 +150,7 @@ Also settable via .Xr krb5.conf ) . .It Xo .Fl l Ar string , -.Fl -user= Ns Ar string +.Fl Fl user= Ns Ar string .Xc By default the remote username is the same as the local. The .Fl l @@ -159,7 +159,7 @@ option or the format allow the remote name to be specified. .It Xo .Fl n , -.Fl -no-input +.Fl Fl no-input .Xc Direct input from .Pa /dev/null @@ -168,7 +168,7 @@ Direct input from section). .It Xo .Fl p Ar number-or-service , -.Fl -port= Ns Ar number-or-service +.Fl Fl port= Ns Ar number-or-service .Xc Connect to this port instead of the default (which is 514 when using old port based authentication, 544 for Kerberos 5 and non-encrypted @@ -177,7 +177,7 @@ the contents of .Pa /etc/services ) . .It Xo .Fl P Ar N|O|1|2 , -.Fl -protocol= Ns Ar N|O|1|2 +.Fl Fl protocol= Ns Ar N|O|1|2 .Xc Specifies the protocol version to use with Kerberos 5. .Ar N @@ -193,20 +193,20 @@ default. Unless asked for a specific version, will try both. This behaviour may change in the future. .It Xo .Fl u , -.Fl -unique +.Fl Fl unique .Xc Make sure the remote credentials cache is unique, that is, don't reuse any existing cache. Mutually exclusive to .Fl U . .It Xo .Fl U Pa string , -.Fl -tkfile= Ns Pa string +.Fl Fl tkfile= Ns Pa string .Xc Name of the remote credentials cache. Mutually exclusive to .Fl u . .It Xo .Fl x , -.Fl -encrypt +.Fl Fl encrypt .Xc The .Fl x diff --git a/appl/rsh/rshd.8 b/appl/rsh/rshd.8 index 1f4035c2b..e383c7e25 100644 --- a/appl/rsh/rshd.8 +++ b/appl/rsh/rshd.8 @@ -52,14 +52,14 @@ service. Supported options are: .Bl -tag -width Ds .It Xo .Fl n , -.Fl -no-keepalive +.Fl Fl no-keepalive .Xc Disables keep-alive messages. Keep-alives are packets sent at certain intervals to make sure that the client is still there, even when it doesn't send any data. .It Xo .Fl k , -.Fl -kerberos +.Fl Fl kerberos .Xc Assume that clients connecting to this server will use some form of Kerberos authentication. See the @@ -69,7 +69,7 @@ section for a sample configuration. .It Xo .Fl x , -.Fl -encrypt +.Fl Fl encrypt .Xc For Kerberos 4 this means that the connections are encrypted. Kerberos 5 can negotiate encryption even without this option, but if it's @@ -79,14 +79,14 @@ will deny unencrypted connections. This option implies .Fl k . .\".It Xo .\".Fl l , -.\".Fl -no-rhosts +.\".Fl Fl no-rhosts .\".Xc .\"When using old port-based authentication, the user's .\".Pa .rhosts .\"files are normally checked. This option disables this. .It Xo .Fl v , -.Fl -vacuous +.Fl Fl vacuous .Xc If the connecting client does not use any Kerberised authentication, print a message that complains about this fact, and exit. This is @@ -104,7 +104,7 @@ it possible to share tokens between sessions. This is only useful in peculiar environments, such as some batch systems. .It Xo .Fl i , -.Fl -no-inetd +.Fl Fl no-inetd .Xc The .Fl i @@ -115,7 +115,7 @@ to create a socket, instead of assuming that its stdin came from This is mostly useful for debugging. .It Xo .Fl p Ar port , -.Fl -port= Ns Ar port +.Fl Fl port= Ns Ar port .Xc Port to use with .Fl i . diff --git a/appl/su/su.1 b/appl/su/su.1 index 39d46f458..0187e3145 100644 --- a/appl/su/su.1 +++ b/appl/su/su.1 @@ -39,16 +39,16 @@ .Nd substitute user identity .Sh SYNOPSIS .Nm su -.Op Fl K | Fl -no-kerberos +.Op Fl K | Fl Fl no-kerberos .Op Fl f -.Op Fl l | Fl -full +.Op Fl l | Fl Fl full .Op Fl m .Oo Fl i Ar instance \*(Ba Xo -.Fl -instance= Ns Ar instance +.Fl Fl instance= Ns Ar instance .Xc .Oc .Oo Fl c Ar command \*(Ba Xo -.Fl -command= Ns Ar command +.Fl Fl command= Ns Ar command .Xc .Oc .Op Ar login Op Ar "shell arguments" @@ -100,24 +100,24 @@ The options are as follows: .Bl -item -width Ds .It .Fl K , -.Fl -no-kerberos +.Fl Fl no-kerberos don't use Kerberos. .It .Fl f don't read .cshrc. .It .Fl l , -.Fl -full +.Fl Fl full simulate full login. .It .Fl m leave environment unmodified. .It .Fl i Ar instance , -.Fl -instance= Ns Ar instance +.Fl Fl instance= Ns Ar instance root instance to use. .It .Fl c Ar command , -.Fl -command= Ns Ar command +.Fl Fl command= Ns Ar command command to execute. .El diff --git a/kadmin/kadmin.8 b/kadmin/kadmin.8 index 72f3845f0..79178aea9 100644 --- a/kadmin/kadmin.8 +++ b/kadmin/kadmin.8 @@ -40,16 +40,16 @@ .Sh SYNOPSIS .Nm .Bk -words -.Op Fl p Ar string \*(Ba Fl -principal= Ns Ar string -.Op Fl K Ar string \*(Ba Fl -keytab= Ns Ar string -.Op Fl c Ar file \*(Ba Fl -config-file= Ns Ar file -.Op Fl k Ar file \*(Ba Fl -key-file= Ns Ar file -.Op Fl r Ar realm \*(Ba Fl -realm= Ns Ar realm -.Op Fl a Ar host \*(Ba Fl -admin-server= Ns Ar host -.Op Fl s Ar port number \*(Ba Fl -server-port= Ns Ar port number -.Op Fl l | Fl -local -.Op Fl h | Fl -help -.Op Fl v | Fl -version +.Op Fl p Ar string \*(Ba Fl Fl principal= Ns Ar string +.Op Fl K Ar string \*(Ba Fl Fl keytab= Ns Ar string +.Op Fl c Ar file \*(Ba Fl Fl config-file= Ns Ar file +.Op Fl k Ar file \*(Ba Fl Fl key-file= Ns Ar file +.Op Fl r Ar realm \*(Ba Fl Fl realm= Ns Ar realm +.Op Fl a Ar host \*(Ba Fl Fl admin-server= Ns Ar host +.Op Fl s Ar port number \*(Ba Fl Fl server-port= Ns Ar port number +.Op Fl l | Fl Fl local +.Op Fl h | Fl Fl help +.Op Fl v | Fl Fl version .Op Ar command .Ek .Sh DESCRIPTION @@ -63,21 +63,21 @@ option). .Pp Supported options: .Bl -tag -width Ds -.It Fl p Ar string , Fl -principal= Ns Ar string +.It Fl p Ar string , Fl Fl principal= Ns Ar string principal to authenticate as -.It Fl K Ar string , Fl -keytab= Ns Ar string +.It Fl K Ar string , Fl Fl keytab= Ns Ar string keytab for authentication principal -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file location of config file -.It Fl k Ar file , Fl -key-file= Ns Ar file +.It Fl k Ar file , Fl Fl key-file= Ns Ar file location of master key file -.It Fl r Ar realm , Fl -realm= Ns Ar realm +.It Fl r Ar realm , Fl Fl realm= Ns Ar realm realm to use -.It Fl a Ar host , Fl -admin-server= Ns Ar host +.It Fl a Ar host , Fl Fl admin-server= Ns Ar host server to contact -.It Fl s Ar port number , Fl -server-port= Ns Ar port number +.It Fl s Ar port number , Fl Fl server-port= Ns Ar port number port to use -.It Fl l , Fl -local +.It Fl l , Fl Fl local local admin mode .El .Pp @@ -101,15 +101,15 @@ Commands include: .\" with nested Xo/Xc .Pp .Nm add -.Op Fl r | Fl -random-key -.Op Fl -random-password -.Op Fl p Ar string \*(Ba Fl -password= Ns Ar string -.Op Fl -key= Ns Ar string -.Op Fl -max-ticket-life= Ns Ar lifetime -.Op Fl -max-renewable-life= Ns Ar lifetime -.Op Fl -attributes= Ns Ar attributes -.Op Fl -expiration-time= Ns Ar time -.Op Fl -pw-expiration-time= Ns Ar time +.Op Fl r | Fl Fl random-key +.Op Fl Fl random-password +.Op Fl p Ar string \*(Ba Fl Fl password= Ns Ar string +.Op Fl Fl key= Ns Ar string +.Op Fl Fl max-ticket-life= Ns Ar lifetime +.Op Fl Fl max-renewable-life= Ns Ar lifetime +.Op Fl Fl attributes= Ns Ar attributes +.Op Fl Fl expiration-time= Ns Ar time +.Op Fl Fl pw-expiration-time= Ns Ar time .Ar principal... .Bd -ragged -offset indent Adds a new principal to the database. The options not passed on the @@ -117,7 +117,7 @@ command line will be promped for. .Ed .Pp .Nm add_enctype -.Op Fl r | Fl -random-key +.Op Fl r | Fl Fl random-key .Ar principal enctypes... .Pp .Bd -ragged -offset indent @@ -141,7 +141,7 @@ enctypes. .Pp .Nm ext_keytab .Oo Fl k Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string +.Fl Fl keytab= Ns Ar string .Xc .Oc .Ar principal... @@ -150,10 +150,10 @@ Creates a keytab with the keys of the specified principals. .Ed .Pp .Nm get -.Op Fl l | Fl -long -.Op Fl s | Fl -short -.Op Fl t | Fl -terse -.Op Fl o Ar string | Fl -column-info= Ns Ar string +.Op Fl l | Fl Fl long +.Op Fl s | Fl Fl short +.Op Fl t | Fl Fl terse +.Op Fl o Ar string | Fl Fl column-info= Ns Ar string .Ar principal... .Bd -ragged -offset indent Lists the matching principals, short prints the result as a table, @@ -192,14 +192,14 @@ and .Pp .Nm modify .Oo Fl a Ar attributes \*(Ba Xo -.Fl -attributes= Ns Ar attributes +.Fl Fl attributes= Ns Ar attributes .Xc .Oc -.Op Fl -max-ticket-life= Ns Ar lifetime -.Op Fl -max-renewable-life= Ns Ar lifetime -.Op Fl -expiration-time= Ns Ar time -.Op Fl -pw-expiration-time= Ns Ar time -.Op Fl -kvno= Ns Ar number +.Op Fl Fl max-ticket-life= Ns Ar lifetime +.Op Fl Fl max-renewable-life= Ns Ar lifetime +.Op Fl Fl expiration-time= Ns Ar time +.Op Fl Fl pw-expiration-time= Ns Ar time +.Op Fl Fl kvno= Ns Ar number .Ar principal... .Bd -ragged -offset indent Modifies certain attributes of a principal. If run without command @@ -228,13 +228,13 @@ kadmin -l modify -a -disallow-proxiable user .Ed .Pp .Nm passwd -.Op Fl r | Fl -random-key -.Op Fl -random-password +.Op Fl r | Fl Fl random-key +.Op Fl Fl random-password .Oo Fl p Ar string \*(Ba Xo -.Fl -password= Ns Ar string +.Fl Fl password= Ns Ar string .Xc .Oc -.Op Fl -key= Ns Ar string +.Op Fl Fl key= Ns Ar string .Ar principal... .Bd -ragged -offset indent Changes the password of an existing principal. @@ -285,20 +285,20 @@ no realm is given, the default realm is used. When running in local mode, the following commands can also be used: .Pp .Nm dump -.Op Fl d | Fl -decrypt +.Op Fl d | Fl Fl decrypt .Op Ar dump-file .Bd -ragged -offset indent Writes the database in .Dq human readable form to the specified file, or standard out. If the database is encrypted, the dump will also have encrypted keys, unless -.Fl -decrypt +.Fl Fl decrypt is used. .Ed .Pp .Nm init -.Op Fl -realm-max-ticket-life= Ns Ar string -.Op Fl -realm-max-renewable-life= Ns Ar string +.Op Fl Fl realm-max-ticket-life= Ns Ar string +.Op Fl Fl realm-max-renewable-life= Ns Ar string .Ar realm .Bd -ragged -offset indent Initializes the Kerberos database with entries for a new realm. It's @@ -322,15 +322,15 @@ but just modifies the database with the entries in the dump file. .Pp .Nm stash .Oo Fl e Ar enctype \*(Ba Xo -.Fl -enctype= Ns Ar enctype +.Fl Fl enctype= Ns Ar enctype .Xc .Oc .Oo Fl k Ar keyfile \*(Ba Xo -.Fl -key-file= Ns Ar keyfile +.Fl Fl key-file= Ns Ar keyfile .Xc .Oc -.Op Fl -convert-file -.Op Fl -master-key-fd= Ns Ar fd +.Op Fl Fl convert-file +.Op Fl Fl master-key-fd= Ns Ar fd .Bd -ragged -offset indent Writes the Kerberos master key to a file used by the KDC. .Ed diff --git a/kadmin/kadmind.8 b/kadmin/kadmind.8 index cbfd032e9..0c9ab3ebd 100644 --- a/kadmin/kadmind.8 +++ b/kadmin/kadmind.8 @@ -41,21 +41,21 @@ .Nm .Bk -words .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file +.Fl Fl key-file= Ns Ar file .Xc .Oc -.Op Fl -keytab= Ns Ar keytab +.Op Fl Fl keytab= Ns Ar keytab .Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .Oc -.Op Fl d | Fl -debug +.Op Fl d | Fl Fl debug .Oo Fl p Ar port \*(Ba Xo -.Fl -ports= Ns Ar port +.Fl Fl ports= Ns Ar port .Xc .Oc .Ek @@ -67,7 +67,7 @@ assumes that it has been started by .Xr inetd 8 , otherwise it behaves as a daemon, forking processes for each new connection. The -.Fl -debug +.Fl Fl debug option causes .Nm to accept exactly one connection, which is useful for debugging. @@ -117,17 +117,17 @@ glob-style pattern. .Pp Supported options: .Bl -tag -width Ds -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file location of config file -.It Fl k Ar file , Fl -key-file= Ns Ar file +.It Fl k Ar file , Fl Fl key-file= Ns Ar file location of master key file -.It Fl -keytab= Ns Ar keytab +.It Fl Fl keytab= Ns Ar keytab what keytab to use -.It Fl r Ar realm , Fl -realm= Ns Ar realm +.It Fl r Ar realm , Fl Fl realm= Ns Ar realm realm to use -.It Fl d , Fl -debug +.It Fl d , Fl Fl debug enable debugging -.It Fl p Ar port , Fl -ports= Ns Ar port +.It Fl p Ar port , Fl Fl ports= Ns Ar port ports to listen to. By default, if run as a daemon, it listens to port 749, but you can add any number of ports with this option. The port string is a whitespace separated list of port specifications, with the @@ -144,7 +144,7 @@ This will cause to listen to port 4711 in addition to any compiled in defaults: .Pp -.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &" +.D1 Nm Fl Fl ports Ns Li "=\*[q]+ 4711\*[q] &" .Pp This acl file will grant Joe all rights, and allow Mallory to view and add host principals. diff --git a/kcm/kcm.8 b/kcm/kcm.8 index cde03362d..0da86a7c2 100644 --- a/kcm/kcm.8 +++ b/kcm/kcm.8 @@ -40,57 +40,57 @@ is a process based credential cache for Kerberos tickets. .Sh SYNOPSIS .Nm -.Op Fl -cache-name= Ns Ar cachename +.Op Fl Fl cache-name= Ns Ar cachename .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl g Ar group \*(Ba Xo -.Fl -group= Ns Ar group +.Fl Fl group= Ns Ar group .Xc .Oc -.Op Fl -max-request= Ns Ar size -.Op Fl -disallow-getting-krbtgt -.Op Fl -detach -.Op Fl h | Fl -help +.Op Fl Fl max-request= Ns Ar size +.Op Fl Fl disallow-getting-krbtgt +.Op Fl Fl detach +.Op Fl h | Fl Fl help .Oo Fl k Ar principal \*(Ba Xo -.Fl -system-principal= Ns Ar principal +.Fl Fl system-principal= Ns Ar principal .Xc .Oc .Oo Fl l Ar time \*(Ba Xo -.Fl -lifetime= Ns Ar time +.Fl Fl lifetime= Ns Ar time .Xc .Oc .Oo Fl m Ar mode \*(Ba Xo -.Fl -mode= Ns Ar mode +.Fl Fl mode= Ns Ar mode .Xc .Oc -.Op Fl n | Fl -no-name-constraints +.Op Fl n | Fl Fl no-name-constraints .Oo Fl r Ar time \*(Ba Xo -.Fl -renewable-life= Ns Ar time +.Fl Fl renewable-life= Ns Ar time .Xc .Oc .Oo Fl s Ar path \*(Ba Xo -.Fl -socket-path= Ns Ar path +.Fl Fl socket-path= Ns Ar path .Xc .Oc .Oo Xo -.Fl -door-path= Ns Ar path +.Fl Fl door-path= Ns Ar path .Xc .Oc .Oo Fl S Ar principal \*(Ba Xo -.Fl -server= Ns Ar principal +.Fl Fl server= Ns Ar principal .Xc .Oc .Oo Fl t Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc .Oo Fl u Ar user \*(Ba Xo -.Fl -user= Ns Ar user +.Fl Fl user= Ns Ar user .Xc .Oc -.Op Fl v | Fl -version +.Op Fl v | Fl Fl version .Sh DESCRIPTION .Nm is a process based credential cache. @@ -127,42 +127,42 @@ the ticket itself. .Pp Supported options: .Bl -tag -width Ds -.It Fl -cache-name= Ns Ar cachename +.It Fl Fl cache-name= Ns Ar cachename system cache name -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file location of config file -.It Fl g Ar group , Fl -group= Ns Ar group +.It Fl g Ar group , Fl Fl group= Ns Ar group system cache group -.It Fl -max-request= Ns Ar size +.It Fl Fl max-request= Ns Ar size max size for a kcm-request -.It Fl -disallow-getting-krbtgt +.It Fl Fl disallow-getting-krbtgt disallow extracting any krbtgt from the .Nm kcm daemon. -.It Fl -detach +.It Fl Fl detach detach from console -.It Fl h , Fl -help -.It Fl k Ar principal , Fl -system-principal= Ns Ar principal +.It Fl h , Fl Fl help +.It Fl k Ar principal , Fl Fl system-principal= Ns Ar principal system principal name -.It Fl l Ar time , Fl -lifetime= Ns Ar time +.It Fl l Ar time , Fl Fl lifetime= Ns Ar time lifetime of system tickets -.It Fl m Ar mode , Fl -mode= Ns Ar mode +.It Fl m Ar mode , Fl Fl mode= Ns Ar mode octal mode of system cache -.It Fl n , Fl -no-name-constraints +.It Fl n , Fl Fl no-name-constraints disable credentials cache name constraints -.It Fl r Ar time , Fl -renewable-life= Ns Ar time +.It Fl r Ar time , Fl Fl renewable-life= Ns Ar time renewable lifetime of system tickets -.It Fl s Ar path , Fl -socket-path= Ns Ar path +.It Fl s Ar path , Fl Fl socket-path= Ns Ar path path to kcm domain socket -.It Fl -door-path= Ns Ar path +.It Fl Fl door-path= Ns Ar path path to kcm door socket -.It Fl S Ar principal , Fl -server= Ns Ar principal +.It Fl S Ar principal , Fl Fl server= Ns Ar principal server to get system ticket for -.It Fl t Ar keytab , Fl -keytab= Ns Ar keytab +.It Fl t Ar keytab , Fl Fl keytab= Ns Ar keytab system keytab name -.It Fl u Ar user , Fl -user= Ns Ar user +.It Fl u Ar user , Fl Fl user= Ns Ar user system cache owner -.It Fl v , Fl -version +.It Fl v , Fl Fl version .El .\".Sh ENVIRONMENT .\".Sh FILES diff --git a/kdc/hprop.8 b/kdc/hprop.8 index cca0d7acf..6e62cae89 100644 --- a/kdc/hprop.8 +++ b/kdc/hprop.8 @@ -41,36 +41,36 @@ .Nm .Bk -words .Oo Fl m Ar file \*(Ba Xo -.Fl -master-key= Ns Pa file +.Fl Fl master-key= Ns Pa file .Xc .Oc .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Pa file +.Fl Fl database= Ns Pa file .Xc .Oc -.Op Fl -source= Ns Ar heimdal|mit-dump +.Op Fl Fl source= Ns Ar heimdal|mit-dump .Oo Fl r Ar string \*(Ba Xo -.Fl -v4-realm= Ns Ar string +.Fl Fl v4-realm= Ns Ar string .Xc .Oc .Oo Fl c Ar cell \*(Ba Xo -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc .Oc .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc .Oo Fl R Ar string \*(Ba Xo -.Fl -v5-realm= Ns Ar string +.Fl Fl v5-realm= Ns Ar string .Xc .Oc -.Op Fl D | Fl -decrypt -.Op Fl E | Fl -encrypt -.Op Fl n | Fl -stdout -.Op Fl v | Fl -verbose -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl D | Fl Fl decrypt +.Op Fl E | Fl Fl encrypt +.Op Fl n | Fl Fl stdout +.Op Fl v | Fl Fl verbose +.Op Fl Fl version +.Op Fl h | Fl Fl help .Op Ar host Ns Op : Ns Ar port .Ar ... .Ek @@ -89,11 +89,11 @@ specified on the command by opening a TCP connection to port 754 .Pp Supported options: .Bl -tag -width Ds -.It Fl m Ar file , Fl -master-key= Ns Pa file +.It Fl m Ar file , Fl Fl master-key= Ns Pa file Where to find the master key to encrypt or decrypt keys with. -.It Fl d Ar file , Fl -database= Ns Pa file +.It Fl d Ar file , Fl Fl database= Ns Pa file The database to be propagated. -.It Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver +.It Fl Fl source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver Specifies the type of the source database. Alternatives include: .Pp .Bl -tag -width mit-dump -compact -offset indent @@ -102,21 +102,21 @@ a Heimdal database .It mit-dump a MIT Kerberos 5 dump file .El -+.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab ++.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key .Pa hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database. -.It Fl R Ar string , Fl -v5-realm= Ns Ar string +.It Fl R Ar string , Fl Fl v5-realm= Ns Ar string Local realm override. -.It Fl D , Fl -decrypt +.It Fl D , Fl Fl decrypt The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys. -.It Fl E , Fl -encrypt +.It Fl E , Fl Fl encrypt This option transmits the database with encrypted keys. -.It Fl n , Fl -stdout +.It Fl n , Fl Fl stdout Dump the database on stdout, in a format that can be fed to hpropd. .El .Sh EXAMPLES diff --git a/kdc/hpropd.8 b/kdc/hpropd.8 index 0b9b02cbe..32f425039 100644 --- a/kdc/hpropd.8 +++ b/kdc/hpropd.8 @@ -41,17 +41,17 @@ .Nm .Bk -words .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Ar file +.Fl Fl database= Ns Ar file .Xc .Oc -.Op Fl n | Fl -stdin -.Op Fl -print -.Op Fl i | Fl -no-inetd +.Op Fl n | Fl Fl stdin +.Op Fl Fl print +.Op Fl i | Fl Fl no-inetd .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc -.Op Fl 4 | Fl -v4dump +.Op Fl 4 | Fl Fl v4dump .Ek .Sh DESCRIPTION .Nm @@ -73,17 +73,17 @@ are accepted. .Pp Options supported: .Bl -tag -width Ds -.It Fl d Ar file , Fl -database= Ns Ar file +.It Fl d Ar file , Fl Fl database= Ns Ar file database -.It Fl n , Fl -stdin +.It Fl n , Fl Fl stdin read from stdin -.It Fl -print +.It Fl Fl print print dump to stdout -.It Fl i , Fl -no-inetd +.It Fl i , Fl Fl no-inetd not started from inetd -.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab +.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab keytab to use for authentication -.It Fl 4 , Fl -v4dump +.It Fl 4 , Fl Fl v4dump create v4 type DB .El .Sh SEE ALSO diff --git a/kdc/kdc.8 b/kdc/kdc.8 index 93f9d282c..7fa326d50 100644 --- a/kdc/kdc.8 +++ b/kdc/kdc.8 @@ -41,27 +41,27 @@ .Nm .Bk -words .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc -.Op Fl p | Fl -no-require-preauth -.Op Fl -max-request= Ns Ar size -.Op Fl H | Fl -enable-http -.Op Fl -no-524 -.Op Fl -kerberos4 -.Op Fl -kerberos4-cross-realm +.Op Fl p | Fl Fl no-require-preauth +.Op Fl Fl max-request= Ns Ar size +.Op Fl H | Fl Fl enable-http +.Op Fl Fl no-524 +.Op Fl Fl kerberos4 +.Op Fl Fl kerberos4-cross-realm .Oo Fl r Ar string \*(Ba Xo -.Fl -v4-realm= Ns Ar string +.Fl Fl v4-realm= Ns Ar string .Xc .Oc -.Op Fl K | Fl -kaserver +.Op Fl K | Fl Fl kaserver .Oo Fl P Ar portspec \*(Ba Xo -.Fl -ports= Ns Ar portspec +.Fl Fl ports= Ns Ar portspec .Xc .Oc -.Op Fl -detach -.Op Fl -disable-des -.Op Fl -addresses= Ns Ar list of addresses +.Op Fl Fl detach +.Op Fl Fl disable-des +.Op Fl Fl addresses= Ns Ar list of addresses .Ek .Sh DESCRIPTION .Nm @@ -72,11 +72,11 @@ or from a default compiled-in value. .Pp Options supported: .Bl -tag -width Ds -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file Specifies the location of the config file, the default is .Pa /var/heimdal/kdc.conf . This is the only value that can't be specified in the config file. -.It Fl p , Fl -no-require-preauth +.It Fl p , Fl Fl no-require-preauth Turn off the requirement for pre-autentication in the initial AS-REQ for all principals. The use of pre-authentication makes it more difficult to do offline @@ -89,20 +89,20 @@ pre-athentication. The default is to require pre-authentication. Adding the require-preauth per principal is a more flexible way of handling this. -.It Fl -max-request= Ns Ar size +.It Fl Fl max-request= Ns Ar size Gives an upper limit on the size of the requests that the kdc is willing to handle. -.It Fl H , Fl -enable-http +.It Fl H , Fl Fl enable-http Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. -.It Fl -no-524 +.It Fl Fl no-524 don't respond to 524 requests -.It Fl -kerberos4 +.It Fl Fl kerberos4 respond to Kerberos 4 requests -.It Fl -kerberos4-cross-realm +.It Fl Fl kerberos4-cross-realm respond to Kerberos 4 requests from foreign realms. This is a known security hole and should not be enabled unless you understand the consequences and are willing to live with them. -.It Fl r Ar string , Fl -v4-realm= Ns Ar string +.It Fl r Ar string , Fl Fl v4-realm= Ns Ar string What realm this server should act as when dealing with version 4 requests. The database can contain any number of realms, but since the version 4 @@ -112,21 +112,21 @@ The default is whatever is returned by .Fn krb_get_lrealm . This option is only available if the KDC has been compiled with version 4 support. -.It Fl K , Fl -kaserver +.It Fl K , Fl Fl kaserver Enable kaserver emulation (in case it's compiled in). -.It Fl P Ar portspec , Fl -ports= Ns Ar portspec +.It Fl P Ar portspec , Fl Fl ports= Ns Ar portspec Specifies the set of ports the KDC should listen on. It is given as a white-space separated list of services or port numbers. -.It Fl -addresses= Ns Ar list of addresses +.It Fl Fl addresses= Ns Ar list of addresses The list of addresses to listen for requests on. By default, the kdc will listen on all the locally configured addresses. If only a subset is desired, or the automatic detection fails, this option might be used. -.It Fl -detach +.It Fl Fl detach detach from pty and run as a daemon. -.It Fl -disable-des +.It Fl Fl disable-des disable add des encryption types, makes the kdc not use them. .El .Pp @@ -153,7 +153,7 @@ specified as: .Dl require-preauth = no .Pp (in fact you can specify the option as -.Fl -require-preauth=no ) . +.Fl Fl require-preauth=no ) . .Pp And there are some configuration options which do not have command-line equivalents: diff --git a/kdc/kstash.8 b/kdc/kstash.8 index dca67f4a4..370e315a9 100644 --- a/kdc/kstash.8 +++ b/kdc/kstash.8 @@ -41,19 +41,19 @@ .Nm .Bk -words .Oo Fl e Ar string \*(Ba Xo -.Fl -enctype= Ns Ar string +.Fl Fl enctype= Ns Ar string .Xc .Oc .Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file +.Fl Fl key-file= Ns Ar file .Xc .Oc -.Op Fl -convert-file -.Op Fl -random-key -.Op Fl -master-key-fd= Ns Ar fd -.Op Fl -random-key -.Op Fl h | Fl -help -.Op Fl -version +.Op Fl Fl convert-file +.Op Fl Fl random-key +.Op Fl Fl master-key-fd= Ns Ar fd +.Op Fl Fl random-key +.Op Fl h | Fl Fl help +.Op Fl Fl version .Ek .Sh DESCRIPTION .Nm @@ -62,16 +62,16 @@ used by the KDC. .Pp Supported options: .Bl -tag -width Ds -.It Fl e Ar string , Fl -enctype= Ns Ar string +.It Fl e Ar string , Fl Fl enctype= Ns Ar string the encryption type to use, defaults to DES3-CBC-SHA1. -.It Fl k Ar file , Fl -key-file= Ns Ar file +.It Fl k Ar file , Fl Fl key-file= Ns Ar file the name of the master key file. -.It Fl -convert-file +.It Fl Fl convert-file don't ask for a new master key, just read an old master key file, and write it back in the new keyfile format. -.It Fl -random-key +.It Fl Fl random-key generate a random master key. -.It Fl -master-key-fd= Ns Ar fd +.It Fl Fl master-key-fd= Ns Ar fd filedescriptor to read passphrase from, if not specified the passphrase will be read from the terminal. .El diff --git a/kdc/string2key.8 b/kdc/string2key.8 index 57186aa07..f51a06166 100644 --- a/kdc/string2key.8 +++ b/kdc/string2key.8 @@ -39,23 +39,23 @@ .Nd map a password into a key .Sh SYNOPSIS .Nm -.Op Fl 5 | Fl -version5 -.Op Fl 4 | Fl -version4 -.Op Fl a | Fl -afs +.Op Fl 5 | Fl Fl version5 +.Op Fl 4 | Fl Fl version4 +.Op Fl a | Fl Fl afs .Oo Fl c Ar cell \*(Ba Xo -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc .Oc .Oo Fl w Ar password \*(Ba Xo -.Fl -password= Ns Ar password +.Fl Fl password= Ns Ar password .Xc .Oc .Oo Fl p Ar principal \*(Ba Xo -.Fl -principal= Ns Ar principal +.Fl Fl principal= Ns Ar principal .Xc .Oc .Oo Fl k Ar string \*(Ba Xo -.Fl -keytype= Ns Ar string +.Fl Fl keytype= Ns Ar string .Xc .Oc .Ar password @@ -65,21 +65,21 @@ performs the string-to-key function. This is useful when you want to handle the raw key instead of the password. Supported options: .Bl -tag -width Ds -.It Fl 5 , Fl -version5 +.It Fl 5 , Fl Fl version5 Output Kerberos v5 string-to-key -.It Fl 4 , Fl -version4 +.It Fl 4 , Fl Fl version4 Output Kerberos v4 string-to-key -.It Fl a , Fl -afs +.It Fl a , Fl Fl afs Output AFS string-to-key -.It Fl c Ar cell , Fl -cell= Ns Ar cell +.It Fl c Ar cell , Fl Fl cell= Ns Ar cell AFS cell to use -.It Fl w Ar password , Fl -password= Ns Ar password +.It Fl w Ar password , Fl Fl password= Ns Ar password Password to use -.It Fl p Ar principal , Fl -principal= Ns Ar principal +.It Fl p Ar principal , Fl Fl principal= Ns Ar principal Kerberos v5 principal to use -.It Fl k Ar string , Fl -keytype= Ns Ar string +.It Fl k Ar string , Fl Fl keytype= Ns Ar string Keytype -.It Fl -version +.It Fl Fl version print version -.It Fl -help +.It Fl Fl help .El diff --git a/kpasswd/kpasswd.1 b/kpasswd/kpasswd.1 index 8844864ae..7203989b7 100644 --- a/kpasswd/kpasswd.1 +++ b/kpasswd/kpasswd.1 @@ -39,9 +39,9 @@ .Nd Kerberos 5 password changing program .Sh SYNOPSIS .Nm -.Op Fl -admin-principal= Ns Ar principal +.Op Fl Fl admin-principal= Ns Ar principal .Oo Fl c Ar cache \*(Ba Xo -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc .Oc .Op Ar principal ... @@ -58,7 +58,7 @@ If the administrator isn't specified on the command prompt, the principal of the default credential cache will be used. .Pp If a credential cache is given, the -.Fl -admin-principal +.Fl Fl admin-principal flag is ignored and use the default name of the credential cache is used instead. .Sh DIAGNOSTICS diff --git a/kpasswd/kpasswdd.8 b/kpasswd/kpasswdd.8 index 51d674beb..a95e76bf8 100644 --- a/kpasswd/kpasswdd.8 +++ b/kpasswd/kpasswdd.8 @@ -38,23 +38,23 @@ .Sh SYNOPSIS .Nm .Bk -words -.Op Fl -addresses= Ns Ar address -.Op Fl -check-library= Ns Ar library -.Op Fl -check-function= Ns Ar function +.Op Fl Fl addresses= Ns Ar address +.Op Fl Fl check-library= Ns Ar library +.Op Fl Fl check-function= Ns Ar function .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc .Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .Oc .Oo Fl p Ar string \*(Ba Xo -.Fl -port= Ns Ar string +.Fl Fl port= Ns Ar string .Xc .Oc -.Op Fl -version -.Op Fl -help +.Op Fl Fl version +.Op Fl Fl help .Ek .Sh DESCRIPTION .Nm @@ -64,14 +64,14 @@ the database directly and should thus only run on the master KDC. .Pp Supported options: .Bl -tag -width Ds -.It Fl -addresses= Ns Ar address +.It Fl Fl addresses= Ns Ar address For each till the argument is given, add the address to what kpasswdd should listen too. -.It Fl -check-library= Ns Ar library +.It Fl Fl check-library= Ns Ar library If your system has support for dynamic loading of shared libraries, you can use an external function to check password quality. This option specifies which library to load. -.It Fl -check-function= Ns Ar function +.It Fl Fl check-function= Ns Ar function This is the function to call in the loaded library. The function should look like this: .Pp @@ -86,11 +86,11 @@ is the one who tries to change passwords, and is the new password. Note that the password (in .Fa password->data ) is not zero terminated. -.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec Keytab to get authentication key from. -.It Fl r Ar realm , Fl -realm= Ns Ar realm +.It Fl r Ar realm , Fl Fl realm= Ns Ar realm Default realm. -.It Fl p Ar string , Fl -port= Ns Ar string +.It Fl p Ar string , Fl Fl port= Ns Ar string Port to listen on (default service kpasswd - 464). .El .Sh DIAGNOSTICS diff --git a/kuser/copy_cred_cache.1 b/kuser/copy_cred_cache.1 index 6fffa7913..09bdbe8f1 100644 --- a/kuser/copy_cred_cache.1 +++ b/kuser/copy_cred_cache.1 @@ -40,12 +40,12 @@ copy credentials from one cache to another .Sh SYNOPSIS .Nm -.Op Fl -krbtgt-only -.Op Fl -service= Ns Ar principal -.Op Fl -enctype= Ns Ar enctype -.Op Fl -flags= Ns Ar ticketflags -.Op Fl -valid-for= Ns Ar time -.Op Fl -fcache-version= Ns Ar integer +.Op Fl Fl krbtgt-only +.Op Fl Fl service= Ns Ar principal +.Op Fl Fl enctype= Ns Ar enctype +.Op Fl Fl flags= Ns Ar ticketflags +.Op Fl Fl valid-for= Ns Ar time +.Op Fl Fl fcache-version= Ns Ar integer .Op Aq Ar from-cache .Aq Ar to-cache .Sh DESCRIPTION @@ -57,20 +57,20 @@ copies credentials from .Pp Supported options: .Bl -tag -width Ds -.It Fl -krbtgt-only +.It Fl Fl krbtgt-only Copies only krbtgt credentials for the client's realm. This is equivalent to -.Fl -service= Ns Li krbtgt/ Ns Ao Ar CLIENTREALM Ac Ns Li @ Ns Ao Ar CLIENTREALM Ac . -.It Fl -service= Ns Ar principal +.Fl Fl service= Ns Li krbtgt/ Ns Ao Ar CLIENTREALM Ac Ns Li @ Ns Ao Ar CLIENTREALM Ac . +.It Fl Fl service= Ns Ar principal Copies only credentials matching this service principal. -.It Fl -enctype= Ns Ar enctype +.It Fl Fl enctype= Ns Ar enctype Copies only credentials a matching enctype. -.It Fl -flags= Ns Ar ticketflags +.It Fl Fl flags= Ns Ar ticketflags Copies only credentials with these ticket flags set. -.It Fl -valid-for= Ns Ar time +.It Fl Fl valid-for= Ns Ar time Copies only credentials that are valid for at least this long. This does not take renewable creds into account. -.It Fl -fcache-version= Ns Ar integer +.It Fl Fl fcache-version= Ns Ar integer The created cache, If a standard .Li FILE cache is created, it will have this file format version. diff --git a/kuser/kdestroy.1 b/kuser/kdestroy.1 index c8ba32432..765a3561f 100644 --- a/kuser/kdestroy.1 +++ b/kuser/kdestroy.1 @@ -41,13 +41,13 @@ .Nm .Bk -words .Op Fl c Ar cachefile -.Op Fl -credential= Ns Ar principal -.Op Fl -cache= Ns Ar cachefile -.Op Fl A | Fl -all -.Op Fl -no-unlog -.Op Fl -no-delete-v4 -.Op Fl -version -.Op Fl -help +.Op Fl Fl credential= Ns Ar principal +.Op Fl Fl cache= Ns Ar cachefile +.Op Fl A | Fl Fl all +.Op Fl Fl no-unlog +.Op Fl Fl no-delete-v4 +.Op Fl Fl version +.Op Fl Fl help .Ek .Sh DESCRIPTION .Nm @@ -63,11 +63,11 @@ from the credential cache if it exists. .It Fl cache= Ns Ar cachefile The cache file to remove. .It Fl A -.It Fl -all +.It Fl Fl all remove all credential caches. -.It Fl -no-unlog +.It Fl Fl no-unlog Do not remove AFS tokens. -.It Fl -no-delete-v4 +.It Fl Fl no-delete-v4 Do not remove v4 tickets. .El .Sh SEE ALSO diff --git a/kuser/kdigest.8 b/kuser/kdigest.8 index dd882efd0..91a2e850e 100644 --- a/kuser/kdigest.8 +++ b/kuser/kdigest.8 @@ -40,209 +40,209 @@ userland tool to access digest interface in the KDC .Sh SYNOPSIS .Nm -.Op Fl -ccache= Ns Ar string -.Op Fl -version -.Op Fl -help +.Op Fl Fl ccache= Ns Ar string +.Op Fl Fl version +.Op Fl Fl help command .Op arguments .Sh DESCRIPTION Supported options: .Bl -tag -width Ds .It Xo -.Fl -ccache= Ns Ar string +.Fl Fl ccache= Ns Ar string .Xc credential cache .It Xo -.Fl -version +.Fl Fl version .Xc print version .It Xo -.Fl -help +.Fl Fl help .Xc .El .Pp Available commands are: .Bl -tag -width Ds .It Xo digest-probe -.Op Fl -realm= Ns Ar string -.Op Fl h | Fl -help +.Op Fl Fl realm= Ns Ar string +.Op Fl h | Fl Fl help .Xc .Bl -tag -width Ds .It Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc Kerberos realm to communicate with .El .It Xo digest-server-init -.Op Fl -type= Ns Ar string -.Op Fl -kerberos-realm= Ns Ar realm -.Op Fl -digest= Ns Ar digest-type -.Op Fl -cb-type= Ns Ar type -.Op Fl -cb-value= Ns Ar value -.Op Fl -hostname= Ns Ar hostname -.Op Fl -realm= Ns Ar string +.Op Fl Fl type= Ns Ar string +.Op Fl Fl kerberos-realm= Ns Ar realm +.Op Fl Fl digest= Ns Ar digest-type +.Op Fl Fl cb-type= Ns Ar type +.Op Fl Fl cb-value= Ns Ar value +.Op Fl Fl hostname= Ns Ar hostname +.Op Fl Fl realm= Ns Ar string .Xc .Bl -tag -width Ds .It Xo -.Fl -type= Ns Ar string +.Fl Fl type= Ns Ar string .Xc digest type .It Xo -.Fl -kerberos-realm= Ns Ar realm +.Fl Fl kerberos-realm= Ns Ar realm .Xc .It Xo -.Fl -digest= Ns Ar digest-type +.Fl Fl digest= Ns Ar digest-type .Xc digest type to use in the algorithm .It Xo -.Fl -cb-type= Ns Ar type +.Fl Fl cb-type= Ns Ar type .Xc type of channel bindings .It Xo -.Fl -cb-value= Ns Ar value +.Fl Fl cb-value= Ns Ar value .Xc value of channel bindings .It Xo -.Fl -hostname= Ns Ar hostname +.Fl Fl hostname= Ns Ar hostname .Xc hostname of the server .It Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc Kerberos realm to communicate with .El .It Xo digest-server-request -.Op Fl -type= Ns Ar string -.Op Fl -kerberos-realm= Ns Ar realm -.Op Fl -username= Ns Ar name -.Op Fl -server-nonce= Ns Ar nonce -.Op Fl -server-identifier= Ns Ar nonce -.Op Fl -client-nonce= Ns Ar nonce -.Op Fl -client-response= Ns Ar response -.Op Fl -opaque= Ns Ar string -.Op Fl -authentication-name= Ns Ar name -.Op Fl -realm= Ns Ar realm -.Op Fl -method= Ns Ar method -.Op Fl -uri= Ns Ar uri -.Op Fl -nounce-count= Ns Ar count -.Op Fl -qop= Ns Ar qop -.Op Fl -ccache= Ns Ar ccache +.Op Fl Fl type= Ns Ar string +.Op Fl Fl kerberos-realm= Ns Ar realm +.Op Fl Fl username= Ns Ar name +.Op Fl Fl server-nonce= Ns Ar nonce +.Op Fl Fl server-identifier= Ns Ar nonce +.Op Fl Fl client-nonce= Ns Ar nonce +.Op Fl Fl client-response= Ns Ar response +.Op Fl Fl opaque= Ns Ar string +.Op Fl Fl authentication-name= Ns Ar name +.Op Fl Fl realm= Ns Ar realm +.Op Fl Fl method= Ns Ar method +.Op Fl Fl uri= Ns Ar uri +.Op Fl Fl nounce-count= Ns Ar count +.Op Fl Fl qop= Ns Ar qop +.Op Fl Fl ccache= Ns Ar ccache .Xc .Bl -tag -width Ds .It Xo -.Fl -type= Ns Ar string +.Fl Fl type= Ns Ar string .Xc digest type .It Xo -.Fl -kerberos-realm= Ns Ar realm +.Fl Fl kerberos-realm= Ns Ar realm .Xc .It Xo -.Fl -username= Ns Ar name +.Fl Fl username= Ns Ar name .Xc digest type .It Xo -.Fl -server-nonce= Ns Ar nonce +.Fl Fl server-nonce= Ns Ar nonce .Xc .It Xo -.Fl -server-identifier= Ns Ar nonce +.Fl Fl server-identifier= Ns Ar nonce .Xc .It Xo -.Fl -client-nonce= Ns Ar nonce +.Fl Fl client-nonce= Ns Ar nonce .Xc .It Xo -.Fl -client-response= Ns Ar response +.Fl Fl client-response= Ns Ar response .Xc .It Xo -.Fl -opaque= Ns Ar string +.Fl Fl opaque= Ns Ar string .Xc .It Xo -.Fl -authentication-name= Ns Ar name +.Fl Fl authentication-name= Ns Ar name .Xc .It Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .It Xo -.Fl -method= Ns Ar method +.Fl Fl method= Ns Ar method .Xc .It Xo -.Fl -uri= Ns Ar uri +.Fl Fl uri= Ns Ar uri .Xc .It Xo -.Fl -nounce-count= Ns Ar count +.Fl Fl nounce-count= Ns Ar count .Xc .It Xo -.Fl -qop= Ns Ar qop +.Fl Fl qop= Ns Ar qop .Xc .It Xo -.Fl -ccache= Ns Ar ccache +.Fl Fl ccache= Ns Ar ccache .Xc Where the the credential cache is created when the KDC returns tickets .El .It Xo digest-client-request -.Op Fl -type= Ns Ar string -.Op Fl -username= Ns Ar name -.Op Fl -password= Ns Ar password -.Op Fl -server-nonce= Ns Ar nonce -.Op Fl -server-identifier= Ns Ar nonce -.Op Fl -client-nonce= Ns Ar nonce -.Op Fl -opaque= Ns Ar string -.Op Fl -realm= Ns Ar realm -.Op Fl -method= Ns Ar method -.Op Fl -uri= Ns Ar uri -.Op Fl -nounce-count= Ns Ar count -.Op Fl -qop= Ns Ar qop +.Op Fl Fl type= Ns Ar string +.Op Fl Fl username= Ns Ar name +.Op Fl Fl password= Ns Ar password +.Op Fl Fl server-nonce= Ns Ar nonce +.Op Fl Fl server-identifier= Ns Ar nonce +.Op Fl Fl client-nonce= Ns Ar nonce +.Op Fl Fl opaque= Ns Ar string +.Op Fl Fl realm= Ns Ar realm +.Op Fl Fl method= Ns Ar method +.Op Fl Fl uri= Ns Ar uri +.Op Fl Fl nounce-count= Ns Ar count +.Op Fl Fl qop= Ns Ar qop .Xc .Bl -tag -width Ds .It Xo -.Fl -type= Ns Ar string +.Fl Fl type= Ns Ar string .Xc digest type .It Xo -.Fl -username= Ns Ar name +.Fl Fl username= Ns Ar name .Xc digest type .It Xo -.Fl -password= Ns Ar password +.Fl Fl password= Ns Ar password .Xc .It Xo -.Fl -server-nonce= Ns Ar nonce +.Fl Fl server-nonce= Ns Ar nonce .Xc .It Xo -.Fl -server-identifier= Ns Ar nonce +.Fl Fl server-identifier= Ns Ar nonce .Xc .It Xo -.Fl -client-nonce= Ns Ar nonce +.Fl Fl client-nonce= Ns Ar nonce .Xc .It Xo -.Fl -opaque= Ns Ar string +.Fl Fl opaque= Ns Ar string .Xc .It Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .It Xo -.Fl -method= Ns Ar method +.Fl Fl method= Ns Ar method .Xc .It Xo -.Fl -uri= Ns Ar uri +.Fl Fl uri= Ns Ar uri .Xc .It Xo -.Fl -nounce-count= Ns Ar count +.Fl Fl nounce-count= Ns Ar count .Xc .It Xo -.Fl -qop= Ns Ar qop +.Fl Fl qop= Ns Ar qop .Xc .El .It Xo ntlm-server-init -.Op Fl -version= Ns Ar integer -.Op Fl -kerberos-realm= Ns Ar string +.Op Fl Fl version= Ns Ar integer +.Op Fl Fl kerberos-realm= Ns Ar string .Xc .Bl -tag -width Ds .It Xo -.Fl -version= Ns Ar integer +.Fl Fl version= Ns Ar integer .Xc ntlm version .It Xo -.Fl -kerberos-realm= Ns Ar string +.Fl Fl kerberos-realm= Ns Ar string .Xc Kerberos realm to communicate with .El diff --git a/kuser/kgetcred.1 b/kuser/kgetcred.1 index 4f0be6a42..7c3228b40 100644 --- a/kuser/kgetcred.1 +++ b/kuser/kgetcred.1 @@ -39,18 +39,18 @@ .Nd "get a ticket for a particular service" .Sh SYNOPSIS .Nm -.Op Fl -canonicalize +.Op Fl Fl canonicalize .Oo Fl c cache \*(Ba Xo -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc .Oc .Oo Fl e Ar enctype \*(Ba Xo -.Fl -enctype= Ns Ar enctype +.Fl Fl enctype= Ns Ar enctype .Xc .Oc -.Op Fl -no-transit-check -.Op Fl -version -.Op Fl -help +.Op Fl Fl no-transit-check +.Op Fl Fl version +.Op Fl Fl help .Ar service .Sh DESCRIPTION .Nm @@ -61,16 +61,16 @@ ticket or of a special type. .Pp Supported options: .Bl -tag -width Ds -.It Fl -canonicalize +.It Fl Fl canonicalize requests that the KDC canonicalize the principal. -.It Fl c Ar cache , Fl -cache= Ns Ar cache +.It Fl c Ar cache , Fl Fl cache= Ns Ar cache the credential cache to use. -.It Fl e Ar enctype , Fl -enctype= Ns Ar enctype +.It Fl e Ar enctype , Fl Fl enctype= Ns Ar enctype encryption type to use. -.It Fl -no-transit-check +.It Fl Fl no-transit-check requests that the KDC doesn't do transit checking. -.It Fl -version -.It Fl -help +.It Fl Fl version +.It Fl Fl help .El .Sh SEE ALSO .Xr kinit 1 , diff --git a/kuser/kimpersonate.8 b/kuser/kimpersonate.8 index a7a33e800..66b613a93 100644 --- a/kuser/kimpersonate.8 +++ b/kuser/kimpersonate.8 @@ -40,17 +40,17 @@ impersonate a user when there exist a srvtab, keyfile or KeyFile .Sh SYNOPSIS .Nm -.Op Fl s Ar string \*(Ba Fl -server= Ns Ar string -.Op Fl c Ar string \*(Ba Fl -client= Ns Ar string -.Op Fl k Ar string \*(Ba Fl -keytab= Ns Ar string -.Op Fl 5 | Fl -krb5 -.Op Fl e Ar integer \*(Ba Fl -expire-time= Ns Ar integer -.Op Fl a Ar string \*(Ba Fl -client-address= Ns Ar string -.Op Fl t Ar string \*(Ba Fl -enc-type= Ns Ar string -.Op Fl f Ar string \*(Ba Fl -ticket-flags= Ns Ar string -.Op Fl -verbose -.Op Fl -version -.Op Fl -help +.Op Fl s Ar string \*(Ba Fl Fl server= Ns Ar string +.Op Fl c Ar string \*(Ba Fl Fl client= Ns Ar string +.Op Fl k Ar string \*(Ba Fl Fl keytab= Ns Ar string +.Op Fl 5 | Fl Fl krb5 +.Op Fl e Ar integer \*(Ba Fl Fl expire-time= Ns Ar integer +.Op Fl a Ar string \*(Ba Fl Fl client-address= Ns Ar string +.Op Fl t Ar string \*(Ba Fl Fl enc-type= Ns Ar string +.Op Fl f Ar string \*(Ba Fl Fl ticket-flags= Ns Ar string +.Op Fl Fl verbose +.Op Fl Fl version +.Op Fl Fl help .Sh DESCRIPTION The .Nm @@ -59,27 +59,27 @@ The service key can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options: .Bl -tag -width Ds -.It Fl s Ar string Ns , Fl -server= Ns Ar string +.It Fl s Ar string Ns , Fl Fl server= Ns Ar string name of server principal -.It Fl c Ar string Ns , Fl -client= Ns Ar string +.It Fl c Ar string Ns , Fl Fl client= Ns Ar string name of client principal -.It Fl k Ar string Ns , Fl -keytab= Ns Ar string +.It Fl k Ar string Ns , Fl Fl keytab= Ns Ar string name of keytab file -.It Fl 5 Ns , Fl -krb5 +.It Fl 5 Ns , Fl Fl krb5 create a Kerberos 5 ticket -.It Fl e Ar integer Ns , Fl -expire-time= Ns Ar integer +.It Fl e Ar integer Ns , Fl Fl expire-time= Ns Ar integer lifetime of ticket in seconds -.It Fl a Ar string Ns , Fl -client-address= Ns Ar string +.It Fl a Ar string Ns , Fl Fl client-address= Ns Ar string address of client -.It Fl t Ar string Ns , Fl -enc-type= Ns Ar string +.It Fl t Ar string Ns , Fl Fl enc-type= Ns Ar string encryption type -.It Fl f Ar string Ns , Fl -ticket-flags= Ns Ar string +.It Fl f Ar string Ns , Fl Fl ticket-flags= Ns Ar string ticket flags for krb5 ticket -.It Fl -verbose +.It Fl Fl verbose Verbose output -.It Fl -version +.It Fl Fl version Print version -.It Fl -help +.It Fl Fl help .El .Sh FILES Uses diff --git a/kuser/kinit.1 b/kuser/kinit.1 index 7bd7e63e4..c2751ed89 100644 --- a/kuser/kinit.1 +++ b/kuser/kinit.1 @@ -39,52 +39,52 @@ .Nd acquire initial tickets .Sh SYNOPSIS .Nm kinit -.Op Fl -afslog +.Op Fl Fl afslog .Oo Fl c Ar cachename \*(Ba Xo -.Fl -cache= Ns Ar cachename +.Fl Fl cache= Ns Ar cachename .Xc .Oc -.Op Fl f | Fl -no-forwardable +.Op Fl f | Fl Fl no-forwardable .Oo Fl t Ar keytabname \*(Ba Xo -.Fl -keytab= Ns Ar keytabname +.Fl Fl keytab= Ns Ar keytabname .Xc .Oc .Oo Fl l Ar time \*(Ba Xo -.Fl -lifetime= Ns Ar time +.Fl Fl lifetime= Ns Ar time .Xc .Oc -.Op Fl p | Fl -proxiable -.Op Fl R | Fl -renew -.Op Fl -renewable +.Op Fl p | Fl Fl proxiable +.Op Fl R | Fl Fl renew +.Op Fl Fl renewable .Oo Fl r Ar time \*(Ba Xo -.Fl -renewable-life= Ns Ar time +.Fl Fl renewable-life= Ns Ar time .Xc .Oc .Oo Fl S Ar principal \*(Ba Xo -.Fl -server= Ns Ar principal +.Fl Fl server= Ns Ar principal .Xc .Oc .Oo Fl s Ar time \*(Ba Xo -.Fl -start-time= Ns Ar time +.Fl Fl start-time= Ns Ar time .Xc .Oc -.Op Fl k | Fl -use-keytab -.Op Fl v | Fl -validate +.Op Fl k | Fl Fl use-keytab +.Op Fl v | Fl Fl validate .Oo Fl e Ar enctypes \*(Ba Xo -.Fl -enctypes= Ns Ar enctypes +.Fl Fl enctypes= Ns Ar enctypes .Xc .Oc .Oo Fl a Ar addresses \*(Ba Xo -.Fl -extra-addresses= Ns Ar addresses +.Fl Fl extra-addresses= Ns Ar addresses .Xc .Oc -.Op Fl -password-file= Ns Ar filename -.Op Fl -fcache-version= Ns Ar version-number -.Op Fl A | Fl -no-addresses -.Op Fl -anonymous -.Op Fl -enterprise -.Op Fl -version -.Op Fl -help +.Op Fl Fl password-file= Ns Ar filename +.Op Fl Fl fcache-version= Ns Ar version-number +.Op Fl A | Fl Fl no-addresses +.Op Fl Fl anonymous +.Op Fl Fl enterprise +.Op Fl Fl version +.Op Fl Fl help .Op Ar principal Op Ar command .Sh DESCRIPTION .Nm @@ -96,51 +96,51 @@ can later be used to obtain tickets for other services. .Pp Supported options: .Bl -tag -width Ds -.It Fl c Ar cachename Fl -cache= Ns Ar cachename +.It Fl c Ar cachename Fl Fl cache= Ns Ar cachename The credentials cache to put the acquired ticket in, if other than default. -.It Fl f Fl -no-forwardable +.It Fl f Fl Fl no-forwardable Get ticket that can be forwarded to another host, or if the negative flags use, don't get a forwardable flag. -.It Fl t Ar keytabname , Fl -keytab= Ns Ar keytabname +.It Fl t Ar keytabname , Fl Fl keytab= Ns Ar keytabname Don't ask for a password, but instead get the key from the specified keytab. -.It Fl l Ar time , Fl -lifetime= Ns Ar time +.It Fl l Ar time , Fl Fl lifetime= Ns Ar time Specifies the lifetime of the ticket. The argument can either be in seconds, or a more human readable string like .Sq 1h . -.It Fl p , Fl -proxiable +.It Fl p , Fl Fl proxiable Request tickets with the proxiable flag set. -.It Fl R , Fl -renew +.It Fl R , Fl Fl renew Try to renew ticket. The ticket must have the .Sq renewable flag set, and must not be expired. -.It Fl -renewable +.It Fl Fl renewable The same as -.Fl -renewable-life , +.Fl Fl renewable-life , with an infinite time. -.It Fl r Ar time , Fl -renewable-life= Ns Ar time +.It Fl r Ar time , Fl Fl renewable-life= Ns Ar time The max renewable ticket life. -.It Fl S Ar principal , Fl -server= Ns Ar principal +.It Fl S Ar principal , Fl Fl server= Ns Ar principal Get a ticket for a service other than krbtgt/LOCAL.REALM. -.It Fl s Ar time , Fl -start-time= Ns Ar time +.It Fl s Ar time , Fl Fl start-time= Ns Ar time Obtain a ticket that starts to be valid .Ar time (which can really be a generic time specification, like .Sq 1h ) seconds into the future. -.It Fl k , Fl -use-keytab +.It Fl k , Fl Fl use-keytab The same as -.Fl -keytab , +.Fl Fl keytab , but with the default keytab name (normally .Ar FILE:/etc/krb5.keytab ) . -.It Fl v , Fl -validate +.It Fl v , Fl Fl validate Try to validate an invalid ticket. -.It Fl e , Fl -enctypes= Ns Ar enctypes +.It Fl e , Fl Fl enctypes= Ns Ar enctypes Request tickets with this particular enctype. -.It Fl -password-file= Ns Ar filename +.It Fl Fl password-file= Ns Ar filename read the password from the first line of .Ar filename . If the @@ -148,10 +148,10 @@ If the is .Ar STDIN , the password will be read from the standard input. -.It Fl -fcache-version= Ns Ar version-number +.It Fl Fl fcache-version= Ns Ar version-number Create a credentials cache of version .Ar version-number . -.It Fl a , Fl -extra-addresses= Ns Ar enctypes +.It Fl a , Fl Fl extra-addresses= Ns Ar enctypes Adds a set of addresses that will, in addition to the systems local addresses, be put in the ticket. This can be useful if all addresses a client can use can't be @@ -161,13 +161,13 @@ Also settable via .Li libdefaults/extra_addresses in .Xr krb5.conf 5 . -.It Fl A , Fl -no-addresses +.It Fl A , Fl Fl no-addresses Request a ticket with no addresses. -.It Fl -anonymous +.It Fl Fl anonymous Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically .Dq anonymous@REALM ) . -.It Fl -enterprise +.It Fl Fl enterprise Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise names are email like principals that are stored in the name part of the principal, and since there are two @ characters the parser needs @@ -177,7 +177,7 @@ An example of an enterprise name is and this option is usually used with canonicalize so that the principal returned from the KDC will typically be the real principal name. -.It Fl -afslog +.It Fl Fl afslog Gets AFS tickets, converts them to version 4 format, and stores them in the kernel. Only useful if you have AFS. diff --git a/kuser/klist.1 b/kuser/klist.1 index b7744f7e6..f260d620d 100644 --- a/kuser/klist.1 +++ b/kuser/klist.1 @@ -41,17 +41,17 @@ .Nm .Bk -words .Oo Fl c Ar cache \*(Ba Xo -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc .Oc -.Op Fl s | Fl t | Fl -test -.Op Fl T | Fl -tokens -.Op Fl 5 | Fl -v5 -.Op Fl v | Fl -verbose -.Op Fl l | Fl -list-caches +.Op Fl s | Fl t | Fl Fl test +.Op Fl T | Fl Fl tokens +.Op Fl 5 | Fl Fl v5 +.Op Fl v | Fl Fl verbose +.Op Fl l | Fl Fl list-caches .Op Fl f -.Op Fl -version -.Op Fl -help +.Op Fl Fl version +.Op Fl Fl help .Ek .Sh DESCRIPTION .Nm @@ -60,14 +60,14 @@ known as the ticket file). .Pp Options supported: .Bl -tag -width Ds -.It Fl c Ar cache , Fl -cache= Ns Ar cache +.It Fl c Ar cache , Fl Fl cache= Ns Ar cache credential cache to list -.It Fl s , Fl t , Fl -test +.It Fl s , Fl t , Fl Fl test Test for there being an active and valid TGT for the local realm of the user in the credential cache. -.It Fl T , Fl -tokens +.It Fl T , Fl Fl tokens display AFS tokens -.It Fl 5 , Fl -v5 +.It Fl 5 , Fl Fl v5 display v5 cred cache (this is the default) .It Fl f Include ticket flags in short form, each character stands for a @@ -98,9 +98,9 @@ hardware authenticated .El .Pp This information is also output with the -.Fl -verbose +.Fl Fl verbose option, but in a more verbose way. -.It Fl v , Fl -verbose +.It Fl v , Fl Fl verbose Verbose output. Include all possible information: .Bl -tag -width XXXX -offset indent .It Server @@ -125,7 +125,7 @@ the flags set on the ticket .It Addresses the set of addresses from which this ticket is valid .El -.It Fl l , Fl -list-caches +.It Fl l , Fl Fl list-caches List the credential caches for the current users, not all cache types supports listing multiple caches. .Pp diff --git a/kuser/kswitch.1 b/kuser/kswitch.1 index e8138e992..8c3b6da75 100644 --- a/kuser/kswitch.1 +++ b/kuser/kswitch.1 @@ -39,48 +39,48 @@ switch between default credential caches .Sh SYNOPSIS .Nm .Oo Fl t Ar type \*(Ba Xo -.Fl -type= Ns Ar type +.Fl Fl type= Ns Ar type .Xc .Oc .Oo Fl c Ar cache \*(Ba Xo -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc .Oc .Oo Fl p Ar principal \*(Ba Xo -.Fl -principal= Ns Ar principal +.Fl Fl principal= Ns Ar principal .Xc .Oc -.Op Fl i | Fl -interactive -.Op Fl -version -.Op Fl -help +.Op Fl i | Fl Fl interactive +.Op Fl Fl version +.Op Fl Fl help .Sh DESCRIPTION Supported options: .Bl -tag -width Ds .It Xo .Fl t Ar type , -.Fl -type= Ns Ar type +.Fl Fl type= Ns Ar type .Xc type of credential cache .It Xo .Fl c Ar cache , -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc name of credential cache to switch to .It Xo .Fl p Ar principal , -.Fl -principal= Ns Ar principal +.Fl Fl principal= Ns Ar principal .Xc name of principal to switch to .It Xo .Fl i , -.Fl -interactive +.Fl Fl interactive .Xc interactive switching between credentials. .It Xo -.Fl -version +.Fl Fl version .Xc print version .It Xo -.Fl -help +.Fl Fl help .Xc .El diff --git a/lib/kadm5/iprop-log.8 b/lib/kadm5/iprop-log.8 index 5d326c7e5..3ed7872a0 100644 --- a/lib/kadm5/iprop-log.8 +++ b/lib/kadm5/iprop-log.8 @@ -42,58 +42,58 @@ maintain the iprop log file .Sh SYNOPSIS .Nm -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl Fl version +.Op Fl h | Fl Fl help .Ar command .Pp .Nm iprop-log truncate .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Pp .Nm iprop-log dump .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Pp .Nm iprop-log replay -.Op Fl -start-version= Ns Ar version-number -.Op Fl -end-version= Ns Ar version-number +.Op Fl Fl start-version= Ns Ar version-number +.Op Fl Fl end-version= Ns Ar version-number .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Sh DESCRIPTION Supported options: .Bl -tag -width Ds -.It Fl -version -.It Fl h , Fl -help +.It Fl Fl version +.It Fl h , Fl Fl help .El .Pp command can be one of the following: .Bl -tag -width truncate .It truncate .Bl -tag -width Ds -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Fl r Ar string , Fl -realm= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp @@ -102,11 +102,11 @@ last entry of the old log. If the log is truncted by emptying the file, the log will start over at the first version (0). .It dump .Bl -tag -width Ds -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file .It Xo .Fl r Ar string , -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc realm .El @@ -114,15 +114,15 @@ realm Print out all entries in the log to standard output. .It replay .Bl -tag -width Ds -.It Fl -start-version= Ns Ar version-number +.It Fl Fl start-version= Ns Ar version-number start replay with this version .It Xo -.Fl -end-version= Ns Ar version-number +.Fl Fl end-version= Ns Ar version-number .Xc end replay with this version -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Fl r Ar string , Fl -realm= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp @@ -130,9 +130,9 @@ Replay the changes from specified entries (or all if none is specified) in the transaction log to the database. .It last-version .Bl -tag -width Ds -.It Fl c Ar file , Fl -config-file= Ns Ar file +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Fl r Ar string , Fl -realm= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp diff --git a/lib/roken/getarg.3 b/lib/roken/getarg.3 index 00acb6fa7..15533fed9 100644 --- a/lib/roken/getarg.3 +++ b/lib/roken/getarg.3 @@ -246,20 +246,20 @@ or .Pp Long option names are prefixed with -- (double dash), and the value with a = (equal), -.Fl -foo= Ns Ar bar . +.Fl Fl foo= Ns Ar bar . Long option flags can either be specified as they are -.Pf ( Fl -help ) , +.Pf ( Fl Fl help ) , or with an (boolean parsable) option -.Pf ( Fl -help= Ns Ar yes , -.Fl -help= Ns Ar true , +.Pf ( Fl Fl help= Ns Ar yes , +.Fl Fl help= Ns Ar true , or similar), or they can also be negated -.Pf ( Fl -no-help +.Pf ( Fl Fl no-help is the same as -.Fl -help= Ns no ) , +.Fl Fl help= Ns no ) , and if you're really confused you can do it multiple times -.Pf ( Fl -no-no-help= Ns Ar false , +.Pf ( Fl Fl no-no-help= Ns Ar false , or even -.Fl -no-no-help= Ns Ar maybe ) . +.Fl Fl no-no-help= Ns Ar maybe ) . .Sh EXAMPLE .Bd -literal #include diff --git a/lib/roken/getarg.c b/lib/roken/getarg.c index 03c221408..9f2f608f6 100644 --- a/lib/roken/getarg.c +++ b/lib/roken/getarg.c @@ -133,7 +133,7 @@ mandoc_template(struct getargs *args, } if(args[i].long_name) { print_arg(buf, sizeof(buf), 1, 1, args + i, i18n); - printf("Fl -%s%s%s", + printf("Fl Fl %s%s%s", args[i].type == arg_negative_flag ? "no-" : "", args[i].long_name, buf); } @@ -142,7 +142,7 @@ mandoc_template(struct getargs *args, print_arg(buf, sizeof(buf), 1, 0, args + i, i18n); printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf); print_arg(buf, sizeof(buf), 1, 1, args + i, i18n); - printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf); + printf(".Fl Fl %s%s\n.Xc\n.Oc\n", args[i].long_name, buf); } /* if(args[i].type == arg_strings) @@ -165,7 +165,7 @@ mandoc_template(struct getargs *args, printf("\n"); } if(args[i].long_name){ - printf(".Fl -%s%s", + printf(".Fl Fl %s%s", args[i].type == arg_negative_flag ? "no-" : "", args[i].long_name); print_arg(buf, sizeof(buf), 1, 1, args + i, i18n); diff --git a/tools/krb5-config.1 b/tools/krb5-config.1 index 2d48982da..c044c96a6 100644 --- a/tools/krb5-config.1 +++ b/tools/krb5-config.1 @@ -37,10 +37,10 @@ .Nd "give information on how to link code against Heimdal libraries" .Sh SYNOPSIS .Nm -.Op Fl -prefix Ns Op = Ns Ar dir -.Op Fl -exec-prefix Ns Op = Ns Ar dir -.Op Fl -libs -.Op Fl -cflags +.Op Fl Fl prefix Ns Op = Ns Ar dir +.Op Fl Fl exec-prefix Ns Op = Ns Ar dir +.Op Fl Fl libs +.Op Fl Fl cflags .Op Ar libraries .Sh DESCRIPTION .Nm @@ -49,19 +49,19 @@ and link programs against the libraries installed by Heimdal. .Pp Options supported: .Bl -tag -width Ds -.It Fl -prefix Ns Op = Ns Ar dir +.It Fl Fl prefix Ns Op = Ns Ar dir Print the prefix if no .Ar dir is specified, otherwise set prefix to .Ar dir . -.It Fl -exec-prefix Ns Op = Ns Ar dir +.It Fl Fl exec-prefix Ns Op = Ns Ar dir Print the exec-prefix if no .Ar dir is specified, otherwise set exec-prefix to .Ar dir . -.It Fl -libs +.It Fl Fl libs Output the set of libraries that should be linked against. -.It Fl -cflags +.It Fl Fl cflags Output the set of flags to give to the C compiler when using the Heimdal libraries. .El