From ed511e06f9984c011ea5d02bcea453c959b131b1 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Tue, 19 Jul 2011 13:41:36 -0500
Subject: [PATCH] Updated kadmind.8 and kadmin.8.

---
 kadmin/kadmin.8  | 5 ++++-
 kadmin/kadmind.8 | 7 +++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/kadmin/kadmin.8 b/kadmin/kadmin.8
index bd2fd4e73..80723c223 100644
--- a/kadmin/kadmin.8
+++ b/kadmin/kadmin.8
@@ -146,7 +146,8 @@ enctypes.
 .Oc
 .Ar principal...
 .Bd -ragged -offset indent
-Creates a keytab with the keys of the specified principals.
+Creates a keytab with the keys of the specified principals.  Requires
+get-keys rights.
 .Ed
 .Pp
 .Nm get
@@ -228,6 +229,7 @@ kadmin -l modify -a -disallow-proxiable user
 .Ed
 .Pp
 .Nm passwd
+.Op Fl Fl keepold
 .Op Fl r | Fl Fl random-key
 .Op Fl Fl random-password
 .Oo Fl p Ar string \*(Ba Xo
@@ -260,6 +262,7 @@ Lists the operations you are allowed to perform. These include
 .Li delete ,
 .Li del_enctype ,
 .Li get ,
+.Li get-keys ,
 .Li list ,
 and
 .Li modify .
diff --git a/kadmin/kadmind.8 b/kadmin/kadmind.8
index 894340c24..453b8e7bd 100644
--- a/kadmin/kadmind.8
+++ b/kadmin/kadmind.8
@@ -107,6 +107,8 @@ add
 .It
 get
 .It
+get-keys
+.It
 all
 .El
 .Pp
@@ -147,10 +149,11 @@ compiled in defaults:
 .D1 Nm Fl Fl ports Ns Li "=\*[q]+ 4711\*[q] &"
 .Pp
 This acl file will grant Joe all rights, and allow Mallory to view and
-add host principals.
+add host principals, as well as extract host principal keys (e.g., into
+keytabs).
 .Bd -literal -offset indent
 joe/admin@EXAMPLE.COM      all
-mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
+mallory/admin@EXAMPLE.COM  add,get-keys  host/*@EXAMPLE.COM
 .Ed
 .\".Sh DIAGNOSTICS
 .Sh SEE ALSO