make regen

src/man/kadmin.man

@@ -649,7 +649,7 @@ expression.
 .sp
 This command requires the \fBlist\fP privilege.
 .sp
-Alias: \fBlistprincs\fP, \fBget_principals\fP, \fBget_princs\fP
+Alias: \fBlistprincs\fP, \fBget_principals\fP, \fBgetprincs\fP
 .sp
 Example:
 .INDENT 0.0
@@ -678,7 +678,7 @@ Displays string attributes on \fIprincipal\fP\&.
 .sp
 This command requires the \fBinquire\fP privilege.
 .sp
-Alias: \fBgetstr\fP
+Alias: \fBgetstrs\fP
 .SS set_string
 .INDENT 0.0
 .INDENT 3.5
@@ -885,7 +885,7 @@ tabs.
 .sp
 This command requires the \fBinquire\fP privilege.
 .sp
-Alias: getpol
+Alias: \fBgetpol\fP
 .sp
 Examples:
 .INDENT 0.0
@@ -994,6 +994,8 @@ An entry for each of the principal\(aqs unique encryption types is added,
 ignoring multiple keys with the same encryption type but different
 salt types.
 .sp
+Alias: \fBxst\fP
+.sp
 Example:
 .INDENT 0.0
 .INDENT 3.5
@@ -1036,6 +1038,8 @@ used.
 Display less verbose information.
 .UNINDENT
 .sp
+Alias: \fBktrem\fP
+.sp
 Example:
 .INDENT 0.0
 .INDENT 3.5

src/man/kdestroy.man

@@ -36,6 +36,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 [\fB\-A\fP]
 [\fB\-q\fP]
 [\fB\-c\fP \fIcache_name\fP]
+[\fB\-p\fP \fIprinc_name\fP]
 .SH DESCRIPTION
 .sp
 The kdestroy utility destroys the user\(aqs active Kerberos authorization

src/man/kinit.man

@@ -45,13 +45,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 [\fB\-E\fP]
 [\fB\-v\fP]
 [\fB\-R\fP]
-[\fB\-k\fP [\-\fBt\fP \fIkeytab_file\fP]]
+[\fB\-k\fP [\fB\-i\fP | \-\fBt\fP \fIkeytab_file\fP]]
 [\fB\-c\fP \fIcache_name\fP]
 [\fB\-n\fP]
 [\fB\-S\fP \fIservice_name\fP]
 [\fB\-I\fP \fIinput_ccache\fP]
 [\fB\-T\fP \fIarmor_ccache\fP]
 [\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]]
+[\fB\-\-request\-pac\fP | \fB\-\-no\-request\-pac\fP]
 [\fIprincipal\fP]
 .SH DESCRIPTION
 .sp
@@ -226,6 +227,13 @@ protocol
 \fBdisable_freshness\fP[\fB=yes\fP]
 disable sending freshness tokens (for testing purposes only)
 .UNINDENT
+.TP
+\fB\-\-request\-pac\fP | \fB\-\-no\-request\-pac\fP
+mutually exclusive.  If \fB\-\-request\-pac\fP is set, ask the KDC to
+include a PAC in authdata; if \fB\-\-no\-request\-pac\fP is set, ask the
+KDC not to include a PAC; if neither are set,  the KDC will follow
+its default, which is typically is to include a PAC if doing so is
+supported.
 .UNINDENT
 .SH ENVIRONMENT
 .sp

src/man/klist.man

@@ -36,8 +36,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 [\fB\-e\fP]
 [[\fB\-c\fP] [\fB\-l\fP] [\fB\-A\fP] [\fB\-f\fP] [\fB\-s\fP] [\fB\-a\fP [\fB\-n\fP]]]
 [\fB\-C\fP]
-[\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]]
+[\fB\-k\fP [\fB\-i\fP] [\fB\-t\fP] [\fB\-K\fP]]
 [\fB\-V\fP]
+[\fB\-d\fP]
 [\fIcache_name\fP|\fIkeytab_name\fP]
 .SH DESCRIPTION
 .sp
@@ -122,6 +123,9 @@ keytab file.
 Display the value of the encryption key in each keytab entry in
 the keytab file.
 .TP
+\fB\-d\fP
+Display the authdata types (if any) for each entry.
+.TP
 \fB\-V\fP
 Display the Kerberos version number and exit.
 .UNINDENT

src/man/kpropd.man

@@ -41,8 +41,9 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 [\fB\-p\fP \fIkdb5_util_prog\fP]
 [\fB\-P\fP \fIport\fP]
 [\fB\-\-pid\-file\fP=\fIpid_file\fP]
+[\fB\-D\fP]
 [\fB\-d\fP]
-[\fB\-t\fP]
+[\fB\-s\fP \fIkeytab_file\fP]
 .SH DESCRIPTION
 .sp
 The \fIkpropd\fP command runs on the replica KDC server.  It listens for
@@ -110,21 +111,22 @@ default, the primary admin server is contacted.
 Specifies the filename where the dumped principal database file is
 to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/from_master\fP\&.
 .TP
+\fB\-F\fP \fIkerberos_db\fP
+Path to the Kerberos database file, if not the default.
+.TP
 \fB\-p\fP
 Allows the user to specify the pathname to the kdb5_util(8)
 program; by default the pathname used is \fB@SBINDIR@\fP\fB/kdb5_util\fP\&.
 .TP
-\fB\-d\fP
-Turn on debug mode.  In this mode, kpropd will not detach
-itself from the current job and run in the background.  Instead,
-it will run in the foreground and print out debugging messages
-during the database propagation.
+\fB\-D\fP
+In this mode, kpropd will not detach itself from the current job
+and run in the background.  Instead, it will run in the
+foreground.
 .TP
-\fB\-t\fP
-In standalone mode without incremental propagation, exit after one
-dump file is received.  In incremental propagation mode, exit as
-soon as the database is up to date, or if the primary returns an
-error.
+\fB\-d\fP
+Turn on debug mode.  kpropd will print out debugging messages
+during the database propogation and will run in the foreground
+(implies \fB\-D\fP).
 .TP
 \fB\-P\fP
 Allow for an alternate port number for kpropd to listen on.  This
@@ -137,15 +139,12 @@ default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&.
 \fB\-\-pid\-file\fP=\fIpid_file\fP
 In standalone mode, write the process ID of the daemon into
 \fIpid_file\fP\&.
-.UNINDENT
-.SH ENVIRONMENT
-.sp
-kpropd uses the following environment variables:
-.INDENT 0.0
-.IP \(bu 2
-\fBKRB5_CONFIG\fP
-.IP \(bu 2
-\fBKRB5_KDC_PROFILE\fP
+.TP
+\fB\-s\fP \fIkeytab_file\fP
+Path to a keytab to use for acquiring acceptor credentials.
+.TP
+\fB\-x\fP \fIdb_args\fP
+Database\-specific arguments.  See Database Options in kadmin(1) for supported arguments.
 .UNINDENT
 .SH FILES
 .INDENT 0.0

src/man/krb5.conf.man

@@ -1291,10 +1291,9 @@ The default is 2048.
 \fBpkinit_identities\fP
 Specifies the location(s) to be used to find the user\(aqs X.509
 identity information.  If this option is specified multiple times,
-the first valid value is used; this can be used to specify an
-environment variable (with \fBENV:\fP\fIenvvar\fP) followed by a
-default value.  Note that these values are not used if the user
-specifies \fBX509_user_identity\fP on the command line.
+each value is attempted in order until certificates are found.
+Note that these values are not used if the user specifies
+\fBX509_user_identity\fP on the command line.
 .TP
 \fBpkinit_kdc_hostname\fP
 The presence of this option indicates that the client is willing

src/man/ktutil.man

@@ -42,11 +42,13 @@ V4 srvtab files are no longer supported.)
 .SS list
 .INDENT 0.0
 .INDENT 3.5
-\fBlist\fP
+\fBlist\fP [\fB\-t\fP] [\fB\-k\fP] [\fB\-e\fP]
 .UNINDENT
 .UNINDENT
 .sp
-Displays the current keylist.
+Displays the current keylist.  If \fB\-t\fP, \fB\-k\fP, and/or \fB\-e\fP are
+specified, also display the timestamp, key contents, or enctype
+(respectively).
 .sp
 Alias: \fBl\fP
 .SS read_kt