From 4fe69e66b424f10e6a44f8bd488e3fa56682edbf Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 28 Apr 2008 23:05:27 +0000 Subject: [PATCH] Properly escape - in kdb5_ldap_util man page The LDAP plugin introduced a new man page which has unescaped hyphens. Unicode-aware groffs may convert those to real hyphens rather than the intended ASCII hyphen. This patch adds backslashes in front of all the bare hyphens that I plus Debian's lintian program could find to force interpretation as ASCII hyphens. Ticket: new Component: krb5-doc Version_Reported: 1.6.3 Target_Version: 1.6.4 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20311 dc483132-0cff-0310-8789-dd5450dbe970 --- .../kdb/ldap/ldap_util/kdb5_ldap_util.M | 110 +++++++++--------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M index 3fad89136..08463b7f8 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M @@ -73,7 +73,7 @@ set. This means all the ticket options will be allowed and no restriction will b The various flags are: .TP {\fB\-\fP|\fB+\fP}\fBallow_postdated\fP -.B -allow_postdated +.B \-allow_postdated prohibits principals from obtaining postdated tickets. (Sets the .SM KRB5_KDB_DISALLOW_POSTDATED flag.) @@ -81,7 +81,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP -.B -allow_forwardable +.B \-allow_forwardable prohibits principals from obtaining forwardable tickets. (Sets the .SM KRB5_KDB_DISALLOW_FORWARDABLE flag.) @@ -89,7 +89,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_renewable\fP -.B -allow_renewable +.B \-allow_renewable prohibits principals from obtaining renewable tickets. (Sets the .SM KRB5_KDB_DISALLOW_RENEWABLE flag.) @@ -97,7 +97,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP -.B -allow_proxiable +.B \-allow_proxiable prohibits principals from obtaining proxiable tickets. (Sets the .SM KRB5_KDB_DISALLOW_PROXIABLE flag.) @@ -105,7 +105,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP -.B -allow_dup_skey +.B \-allow_dup_skey Disables user-to-user authentication for principals by prohibiting principals from obtaining a session key for another user. (Sets the .SM KRB5_KDB_DISALLOW_DUP_SKEY @@ -119,7 +119,7 @@ requires principals to preauthenticate before being allowed to kinit. (Sets the .SM KRB5_KDB_REQUIRES_PRE_AUTH flag.) -.B -requires_preauth +.B \-requires_preauth clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP @@ -128,11 +128,11 @@ requires principals to preauthenticate using a hardware device before being allowed to kinit. (Sets the .SM KRB5_KDB_REQUIRES_HW_AUTH flag.) -.B -requires_hwauth +.B \-requires_hwauth clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_svr\fP -.B -allow_svr +.B \-allow_svr prohibits the issuance of service tickets for principals. (Sets the .SM KRB5_KDB_DISALLOW_SVR flag.) @@ -208,9 +208,9 @@ Specifies the list of Administration service objects serving the realm. The list of the Administration service objects separated by colon(:). .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu -create -subtrees o=org -sscope SUB --r ATHENA.MIT.EDU\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu +create \-subtrees o=org \-sscope SUB +\-r ATHENA.MIT.EDU\fP .nf Password for "cn=admin,o=org": Initializing database for realm 'ATHENA.MIT.EDU' @@ -255,7 +255,7 @@ and no restriction will be set. The various flags are: .TP {\fB\-\fP|\fB+\fP}\fBallow_postdated\fP -.B -allow_postdated +.B \-allow_postdated prohibits principals from obtaining postdated tickets. (Sets the .SM KRB5_KDB_DISALLOW_POSTDATED flag.) @@ -263,7 +263,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP -.B -allow_forwardable +.B \-allow_forwardable prohibits principals from obtaining forwardable tickets. (Sets the .SM KRB5_KDB_DISALLOW_FORWARDABLE flag.) @@ -271,7 +271,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_renewable\fP -.B -allow_renewable +.B \-allow_renewable prohibits principals from obtaining renewable tickets. (Sets the .SM KRB5_KDB_DISALLOW_RENEWABLE flag.) @@ -279,7 +279,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP -.B -allow_proxiable +.B \-allow_proxiable prohibits principals from obtaining proxiable tickets. (Sets the .SM KRB5_KDB_DISALLOW_PROXIABLE flag.) @@ -287,7 +287,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP -.B -allow_dup_skey +.B \-allow_dup_skey Disables user-to-user authentication for principals by prohibiting principals from obtaining a session key for another user. (Sets the .SM KRB5_KDB_DISALLOW_DUP_SKEY @@ -301,7 +301,7 @@ requires principals to preauthenticate before being allowed to kinit. (Sets the .SM KRB5_KDB_REQUIRES_PRE_AUTH flag.) -.B -requires_preauth +.B \-requires_preauth clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP @@ -310,11 +310,11 @@ requires principals to preauthenticate using a hardware device before being allowed to kinit. (Sets the .SM KRB5_KDB_REQUIRES_HW_AUTH flag.) -.B -requires_hwauth +.B \-requires_hwauth clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_svr\fP -.B -allow_svr +.B \-allow_svr prohibits the issuance of service tickets for principals. (Sets the .SM KRB5_KDB_DISALLOW_SVR flag.) @@ -406,8 +406,8 @@ Specifies the list of Administration service objects that need to be added to th contains the DNs of the Administration service objects separated by a colon (:). .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify -+requires_preauth -r ATHENA.MIT.EDU \fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify ++requires_preauth \-r ATHENA.MIT.EDU \fP .nf Password for "cn=admin,o=org": .fi @@ -423,8 +423,8 @@ Specifies the Kerberos realm of the database; by default the realm returned by is used. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view --r ATHENA.MIT.EDU\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view +\-r ATHENA.MIT.EDU\fP .nf Password for "cn=admin,o=org": Realm Name: ATHENA.MIT.EDU @@ -450,8 +450,8 @@ Specifies the Kerberos realm of the database; by default the realm returned by is used. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy --r ATHENA.MIT.EDU\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy +\-r ATHENA.MIT.EDU\fP .nf Password for "cn=admin,o=org": Deleting KDC database of 'ATHENA.MIT.EDU', are you sure? @@ -467,7 +467,7 @@ Lists the name of realms. .nf .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list\fP Password for "cn=admin,o=org": ATHENA.MIT.EDU OPENLDAP.MIT.EDU @@ -487,7 +487,7 @@ Specifies the complete path of the service password file. By default, /usr/local Specifies Distinguished name (DN) of the service object whose password is to be stored in file. .TP EXAMPLE: -\fBkdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP +\fBkdb5_ldap_util stashsrvpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP .nf Password for "cn=service-kdc,o=org": Re-enter password for "cn=service-kdc,o=org": @@ -517,7 +517,7 @@ set. This means all the ticket options will be allowed and no restriction will b The various flags are: .TP {\fB\-\fP|\fB+\fP}\fBallow_postdated\fP -.B -allow_postdated +.B \-allow_postdated prohibits principals from obtaining postdated tickets. (Sets the .SM KRB5_KDB_DISALLOW_POSTDATED flag.) @@ -525,7 +525,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP -.B -allow_forwardable +.B \-allow_forwardable prohibits principals from obtaining forwardable tickets. (Sets the .SM KRB5_KDB_DISALLOW_FORWARDABLE flag.) @@ -533,7 +533,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_renewable\fP -.B -allow_renewable +.B \-allow_renewable prohibits principals from obtaining renewable tickets. (Sets the .SM KRB5_KDB_DISALLOW_RENEWABLE flag.) @@ -541,7 +541,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP -.B -allow_proxiable +.B \-allow_proxiable prohibits principals from obtaining proxiable tickets. (Sets the .SM KRB5_KDB_DISALLOW_PROXIABLE flag.) @@ -549,7 +549,7 @@ flag.) clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP -.B -allow_dup_skey +.B \-allow_dup_skey Disables user-to-user authentication for principals by prohibiting principals from obtaining a session key for another user. (Sets the .SM KRB5_KDB_DISALLOW_DUP_SKEY @@ -563,7 +563,7 @@ requires principals to preauthenticate before being allowed to kinit. (Sets the .SM KRB5_KDB_REQUIRES_PRE_AUTH flag.) -.B -requires_preauth +.B \-requires_preauth clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP @@ -572,11 +572,11 @@ requires principals to preauthenticate using a hardware device before being allowed to kinit. (Sets the .SM KRB5_KDB_REQUIRES_HW_AUTH flag.) -.B -requires_hwauth +.B \-requires_hwauth clears this flag. .TP {\fB\-\fP|\fB+\fP}\fBallow_svr\fP -.B -allow_svr +.B \-allow_svr prohibits the issuance of service tickets for principals. (Sets the .SM KRB5_KDB_DISALLOW_SVR flag.) @@ -639,7 +639,7 @@ flag on principals in the database. Specifies the name of the ticket policy. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day" -maxrenewlife "1 week" -allow_postdated +needchange -allow_forwardable tktpolicy\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu create_policy \-r ATHENA.MIT.EDU \-maxtktlife "1 day" \-maxrenewlife "1 week" \-allow_postdated +needchange \-allow_forwardable tktpolicy\fP .nf Password for "cn=admin,o=org": .fi @@ -657,7 +657,7 @@ returned by is used. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU -maxtktlife "60 minutes" -maxrenewlife "10 hours" +allow_postdated -requires_preauth tktpolicy\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify_policy \-r ATHENA.MIT.EDU \-maxtktlife "60 minutes" \-maxrenewlife "10 hours" +allow_postdated \-requires_preauth tktpolicy\fP .nf Password for "cn=admin,o=org": .fi @@ -671,7 +671,7 @@ Displays the attributes of a ticket policy. Options: Specifies the name of the ticket policy. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view_policy -r ATHENA.MIT.EDU tktpolicy\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view_policy \-r ATHENA.MIT.EDU tktpolicy\fP .nf Password for "cn=admin,o=org": Ticket policy: tktpolicy @@ -700,7 +700,7 @@ to confirm the deletion. Specifies the name of the ticket policy. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy_policy -r ATHENA.MIT.EDU tktpolicy\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy_policy \-r ATHENA.MIT.EDU tktpolicy\fP .nf Password for "cn=admin,o=org": This will delete the policy object 'tktpolicy', are you sure? @@ -720,7 +720,7 @@ returned by is used. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list_policy -r ATHENA.MIT.EDU\fP +\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list_policy \-r ATHENA.MIT.EDU\fP .nf Password for "cn=admin,o=org": tktpolicy @@ -735,22 +735,22 @@ userpolicy \fBsetsrvpw\fP [\fB\-randpw\fP|\fB\-fileonly\fP] [\fB\-f\fP\ \fIfilename\fP] \fIservice_dn\fP Allows an administrator to set password for service objects such as KDC and Administration server in eDirectory and store them in a file. The -.I -fileonly +.I \-fileonly option stores the password in a file and not in the eDirectory object. Options: .RS .TP \fB\-randpw \fP Generates and sets a random password. This options can be specified to store the password both in eDirectory and a file. The -.I -fileonly +.I \-fileonly option can not be used if -.I -randpw +.I \-randpw option is already specified. .TP \fB\-fileonly\fP Stores the password only in a file and not in eDirectory. The -.I -randpw +.I \-randpw option can not be used when -.I -fileonly +.I \-fileonly options is specified. .TP \fB\-f\fP\ \fIfilename\fP @@ -760,7 +760,7 @@ Specifies complete path of the service password file. By default, /usr/local/var Specifies Distinguished name (DN) of the service object whose password is to be set. .TP EXAMPLE: -\fBkdb5_ldap_util setsrvpw -D cn=admin,o=org setsrvpw -fileonly -f /home/andrew/conf_keyfile +\fBkdb5_ldap_util setsrvpw \-D cn=admin,o=org setsrvpw \-fileonly \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP .nf Password for "cn=admin,o=org": @@ -792,16 +792,16 @@ separated by a colon (:). .TP \fB\-randpw \fP Generates and sets a random password. This option is used to set the random password for the service object in directory and also to store it in the file. The -.I -fileonly +.I \-fileonly option can not be used if -.I -randpw +.I \-randpw option is specified. .TP \fB\-fileonly\fP Stores the password only in a file and not in eDirectory. The -.I -randpw +.I \-randpw option can not be used when -.I -fileonly +.I \-fileonly option is specified. .TP \fB\-f\fP\ \fIfilename\fP @@ -811,7 +811,7 @@ Specifies the complete path of the file where the service object password is sta Specifies Distinguished name (DN) of the Kerberos service to be created. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org create_service -kdc -randpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP +\fBkdb5_ldap_util \-D cn=admin,o=org create_service \-kdc \-randpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP .nf Password for "cn=admin,o=org": File does not exist. Creating the file /home/andrew/conf_keyfile... @@ -855,7 +855,7 @@ realms separated by a colon (:). Specifies Distinguished name (DN) of the Kerberos service to be modified. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org modify_service -realm ATHENA.MIT.EDU +\fBkdb5_ldap_util \-D cn=admin,o=org modify_service \-realm ATHENA.MIT.EDU cn=service-kdc,o=org\fP .nf Password for "cn=admin,o=org": @@ -871,7 +871,7 @@ Displays the attributes of a service. Options: Specifies Distinguished name (DN) of the Kerberos service to be viewed. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org view_service cn=service-kdc,o=org\fP +\fBkdb5_ldap_util \-D cn=admin,o=org view_service cn=service-kdc,o=org\fP .nf Password for "cn=admin,o=org": Service dn: cn=service-kdc,o=org @@ -897,7 +897,7 @@ needs to be removed. Specifies Distinguished name (DN) of the Kerberos service to be destroyed. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP +\fBkdb5_ldap_util \-D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP .nf Password for "cn=admin,o=org": This will delete the service object 'cn=service-kdc,o=org', are you sure? @@ -922,7 +922,7 @@ for the base DN is .B Root. .TP EXAMPLE: -\fBkdb5_ldap_util -D cn=admin,o=org list_service\fP +\fBkdb5_ldap_util \-D cn=admin,o=org list_service\fP .nf Password for "cn=admin,o=org": cn=service-kdc,o=org -- 2.26.2