diff options
| -rw-r--r-- | kerberosIV/src/man/krb.equiv.5 | 4 | ||||
| -rw-r--r-- | kerberosIV/src/man/krb.extra.5 | 42 | ||||
| -rw-r--r-- | kerberosV/src/lib/krb5/krb5.conf.5 | 51 | ||||
| -rw-r--r-- | lib/libc/stdlib/malloc.3 | 6 | ||||
| -rw-r--r-- | share/man/man5/passwd.5 | 4 | ||||
| -rw-r--r-- | share/man/man5/pf.conf.5 | 31 | ||||
| -rw-r--r-- | share/man/man5/resolv.conf.5 | 6 | ||||
| -rw-r--r-- | usr.bin/man/man.conf.5 | 4 | ||||
| -rw-r--r-- | usr.bin/ranlib/ranlib.5 | 4 | ||||
| -rw-r--r-- | usr.bin/tn3270/mset/map3270.5 | 4 |
10 files changed, 80 insertions, 76 deletions
diff --git a/kerberosIV/src/man/krb.equiv.5 b/kerberosIV/src/man/krb.equiv.5 index 607c78e0c9c..a897494c244 100644 --- a/kerberosIV/src/man/krb.equiv.5 +++ b/kerberosIV/src/man/krb.equiv.5 @@ -9,9 +9,9 @@ Kerberos equivalent hosts file .Sh DESCRIPTION .Nm -contains a list of IP addresses that is to be considered being the +contains a list of IP addresses that are to be considered as being the same host for Kerberos purposes. Plain addresses match a single -host. Addresses followed by a slash (/) and a number is taken as a +host. Addresses followed by a slash (/) and a number are taken as a sub-network that should be considered equal. .Pp Hash (#) starts a comment. Backslash (\\) is a continuation character. diff --git a/kerberosIV/src/man/krb.extra.5 b/kerberosIV/src/man/krb.extra.5 index 255b7353bdd..6f1b761bf2d 100644 --- a/kerberosIV/src/man/krb.extra.5 +++ b/kerberosIV/src/man/krb.extra.5 @@ -16,26 +16,30 @@ ignored. .Pp Currently defined variables are: .Bl -tag -width foo -.It kdc_timeout -time in seconds to wait for an answer from the KDC (default is 4 -seconds) -.It kdc_timesync -if this is enabled, the time differential between the client and the +.It Ar kdc_timeout +Time in seconds to wait for an answer from the KDC (default is 4 +seconds). +.It Ar kdc_timesync +If this is enabled, the time differential between the client and the KDC will be stored, and used later on when computing the correct time; -this is useful if the client's clock is drifting -.It firewall_address -the outside address of the firewall; this is used in some places to +this is useful if the client's clock is drifting. +.It Ar firewall_address +The outside address of the firewall; this is used in some places to compute a direction bit, and this might break if the server has a -different idea about which address to use then the client -.It krb4_proxy -address of a web-proxy to use when connecting to the KDC via HTTP -.It krb_default_tkt_root -the default prefix for ticket files. E.g, if your uid is 42 and the -prefix is /tmp/tkt then your default ticket file will be /tmp/tkt42 -.It krb_default_keyfile -the default kefile, normally /etc/kerberosIV/srvtab -.It nat_in_use -if a Network Address Translator (NAT) is being used. +different idea about which address to use than the client. +.It Ar krb4_proxy +Address of a web-proxy to use when connecting to the KDC via HTTP. +.It Ar krb_default_tkt_root +The default prefix for ticket files. E.g., if your uid is 42 and the +prefix is +.Pa /tmp/tkt +then your default ticket file will be +.Pa /tmp/tkt42 . +.It Ar krb_default_keyfile +The default keyfile, normally +.Pa /etc/kerberosIV/srvtab . +.It Ar nat_in_use +If a Network Address Translator (NAT) is being used. .El .Sh EXAMPLES .Bd -literal @@ -46,6 +50,6 @@ firewall_address = 10.0.0.1 krb_default_keyfile = /etc/kerberosIV/srvtab .Ed .Sh SEE ALSO -.Xr krb.equiv 5 , .Xr krb.conf 5 , +.Xr krb.equiv 5 , .Xr krb.realms 5 diff --git a/kerberosV/src/lib/krb5/krb5.conf.5 b/kerberosV/src/lib/krb5/krb5.conf.5 index 7a3d84f36b9..cb0840d014c 100644 --- a/kerberosV/src/lib/krb5/krb5.conf.5 +++ b/kerberosV/src/lib/krb5/krb5.conf.5 @@ -43,7 +43,7 @@ name: .Ed .Li STRINGs -consists of one or more non-white space characters. +consists of one or more non-whitespace characters. Currently recognised sections and bindings are: .Bl -tag -width "xxx" -offset indent .It Li [appdefaults] @@ -115,7 +115,7 @@ A list of default etypes to use. .It Li default_etypes_des = Va etypes... A list of default etypes to use when requesting a DES credential. .It Li default_keytab_name = Va keytab -The keytab to use if none other is specified, default is +The keytab to use if no other is specified, default is .Dq FILE:/etc/kerberosV/krb5.keytab . .It Li kdc_timesync = Va boolean Try to keep track of the time differential between the local machine @@ -142,7 +142,7 @@ A HTTP-proxy to use when talking to the KDC via HTTP. .It Li dns_proxy = Va proxy-spec Enable using DNS via HTTP. .It Li extra_addresses = Va address... -A list of addresses to get tickets for along with all local addresses. +A list of addresses to get tickets for, along with all local addresses. .It Li time_format = Va string How to print time strings in logs, this string is passed to .Xr strftime 3 . @@ -173,7 +173,7 @@ binding in this section looks like: .Pp The domain can be either a full name of a host or a trailing component, in the latter case the domain-string should start with a -perid. +period. .It Li [realms] .Bl -tag -width "xxx" -offset indent .It Va REALM Li = { @@ -186,9 +186,9 @@ service will be used. The kdcs will be used in the order that they are specified. .It Li admin_server = Va host[:port] Specifies the admin server for this realm, where all the modifications -to the database are perfomed. +to the database are performed. .It Li kpasswd_server = Va host[:port] -Points to the server where all the password changes are perfomed. +Points to the server where all the password changes are performed. If there is no such entry, the kpasswd port on the admin_server host will be tried. .It Li krb524_server = Va Host[:port] @@ -218,18 +218,18 @@ manual page for a list of defined destinations. .It database Li = { .Bl -tag -width "xxx" -offset indent .It dbname Li = Va DATABASENAME -use this database for this realm. +Use this database for this realm. .It realm Li = Va REALM -specifies the realm that will be stored in this database. +Specifies the realm that will be stored in this database. .It mkey_file Li = Pa FILENAME -use this keytab file for the master key of this database. +Use this keytab file for the master key of this database. If not specified .Va DATABASENAME Ns .mkey will be used. .It acl_file Li = PA FILENAME -use this file for the ACL list of this database. +Use this file for the ACL list of this database. .It log_file Li = Pa FILENAME -use this file as the log of changes performed to the database. This +Use this file as the log of changes performed to the database. This file is used by .Nm ipropd-master for propagating changes to slaves. @@ -241,33 +241,34 @@ Maximum size of a kdc request. If set pre-authentication is required. Since krb4 requests are not pre-authenticated they will be rejected. .It ports = Va "list of ports" -list of ports the kdc should listen to. +List of ports the kdc should listen to. .It addresses = Va "list of interfaces" -list of addresses the kdc should bind to. +List of addresses the kdc should bind to. .It enable-kerberos4 = Va BOOL -turn on kerberos4 support. +Turn on kerberos4 support. .It v4-realm = Va REALM -to what realm v4 requests should be mapped. +To what realm v4 requests should be mapped. .It enable-524 = Va BOOL -should the Kerberos 524 converting facility be turned on. Default is same as +Should the Kerberos 524 converting facility be turned on. +Default is the same as .Va enable-kerberos4 . .It enable-http = Va BOOL -should the kdc answer kdc-requests over http. +Should the kdc answer kdc-requests over http. .It enable-kaserver = Va BOOL -if this kdc should emulate the AFS kaserver. +If this kdc should emulate the AFS kaserver. .It check-ticket-addresses = Va BOOL -verify the addresses in the tickets used in tgs requests. +Verify the addresses in the tickets used in tgs requests. .\" XXX .It allow-null-ticket-addresses = Va BOOL -allow addresses-less tickets. +Allow address-less tickets. .\" XXX .It allow-anonymous = Va BOOL -if the kdc is allowed to hand out anonymous tickets. +If the kdc is allowed to hand out anonymous tickets. .It encode_as_rep_as_tgs_rep = Va BOOL -encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did. +Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did. .\" XXX .It kdc_warn_pwexpire = Va TIME -the time before expiration that the user should be warned that her +The time before expiration that the user should be warned that her password is about to expire. .It logging = Va Logging What type of logging the kdc should use, see also [logging]/kdc. @@ -277,7 +278,7 @@ What type of logging the kdc should use, see also [logging]/kdc. .It require-preauth = Va BOOL If pre-authentication is required to talk to the kadmin server. .It default_keys = Va keytypes... -for each entry in +For each entry in .Va default_keys try to parse it as a sequence of .Va etype:salttype:salt @@ -285,7 +286,7 @@ syntax of this if something like: .Pp [(des|des3|etype):](pw-salt|afs3-salt)[:string] .Pp -if +If .Ar etype is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are: .Bl -tag -width "xxx" -offset indent diff --git a/lib/libc/stdlib/malloc.3 b/lib/libc/stdlib/malloc.3 index 8f05c38e866..4e31ad43552 100644 --- a/lib/libc/stdlib/malloc.3 +++ b/lib/libc/stdlib/malloc.3 @@ -34,7 +34,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: malloc.3,v 1.24 2001/12/05 09:49:39 deraadt Exp $ +.\" $OpenBSD: malloc.3,v 1.25 2003/01/21 19:59:09 jmc Exp $ .\" .Dd August 27, 1996 .Dt MALLOC 3 @@ -223,7 +223,7 @@ This can substantially aid in compacting memory. .Pp .It Cm X .Dq xmalloc . -rather than return failure, +Rather than return failure, .Xr abort 3 the program with a diagnostic message on stderr. It is the intention that this option be set at compile time by @@ -256,7 +256,7 @@ The .Cm J and .Cm Z -is mostly for testing and debugging. +flags are mostly for testing and debugging. If a program changes behavior if either of these options are used, it is buggy. .Pp diff --git a/share/man/man5/passwd.5 b/share/man/man5/passwd.5 index 447d40b82fa..4b564d4c29f 100644 --- a/share/man/man5/passwd.5 +++ b/share/man/man5/passwd.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: passwd.5,v 1.23 2002/03/27 18:10:38 millert Exp $ +.\" $OpenBSD: passwd.5,v 1.24 2003/01/21 19:59:09 jmc Exp $ .\" $NetBSD: passwd.5,v 1.4 1995/07/28 06:46:05 phil Exp $ .\" .\" Copyright (c) 1988, 1991, 1993 @@ -234,7 +234,7 @@ or .Ar gid fields, the specified numbers will override the information retrieved from the YP maps. -As well, if the +Additionally, if the .Ar gecos , .Ar dir , or diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index c08abfddfc2..bab0f063edc 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.165 2003/01/15 23:19:19 henning Exp $ +.\" $OpenBSD: pf.conf.5,v 1.166 2003/01/21 19:59:09 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -48,7 +48,7 @@ User-defined variables may be defined and later used, simplifying the configuration file. .It Options Options tune the behaviour of the packet filtering engine. -.It Traffic Normalization (e.g. Pa scrub No ) +.It Traffic Normalization (e.g. Pa scrub Ns ) Traffic normalization protects internal machines against inconsistencies in Internet protocols and implementations. .It Queueing @@ -135,7 +135,7 @@ the connection. Increasing tcp.finwait (and possibly tcp.closing) can prevent blocking of such packets. .It Pa tcp.closed -The state after one endpoint sends a RST. +The state after one endpoint sends an RST. .El .Pp ICMP and UDP are handled in a fashion similar to TCP, but with a much more @@ -221,10 +221,10 @@ Optimize the engine for one of the following network environments: A normal network environment. Suitable for almost all networks. .It Pa high-latency -A high-latency environment (such as a satellite connection) +A high-latency environment (such as a satellite connection). .It Pa satellite Alias for -.Pa high-latency +.Pa high-latency . .It Pa aggressive Aggressively expire connections. This can greatly reduce the memory usage of the firewall at the cost of @@ -482,12 +482,12 @@ below). queue std bandwidth 10% cbq(default) queue http bandwidth 60% priority 2 cbq(borrow red) \\ { employees, developers } - queue developers bandwidth 75% cbq(borrow) - queue employees bandwidth 15% + queue developers bandwidth 75% cbq(borrow) + queue employees bandwidth 15% queue mail bandwidth 10% priority 0 cbq(borrow ecn) queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk } - queue ssh_interactive priority 7 - queue ssh_bulk priority 0 + queue ssh_interactive priority 7 + queue ssh_bulk priority 0 block return out on dc0 inet all queue std pass out on dc0 inet proto tcp from $developerhosts to any port 80 \\ @@ -850,7 +850,7 @@ Flag SYN is set. The other flags are ignored. .It Pa flags S/SA Out of SYN and ACK, exactly SYN may be set. -SYN, SYN+PSH, SYN+RST match, but SYN+ACK, ACK and ACK+RST do not. +SYN, SYN+PSH and SYN+RST match, but SYN+ACK, ACK and ACK+RST do not. This is more restrictive than the previous example. .It Pa flags /SFRA If the first set is not specified, it defaults to none. @@ -1128,7 +1128,7 @@ For instance: .Ed .Pp This ruleset blocks everything by default. -Only outgoing connections and incoming connection to port 25 are allowed. +Only outgoing connections and incoming connections to port 25 are allowed. The initial packet of each connection has the SYN flag set, will be passed and creates state. All further packets of these connections are passed if they match a state. @@ -1162,9 +1162,8 @@ For example, pass out inet proto icmp all icmp-type echoreq keep state .Ed .Pp -allows echo requests, -e.g as created by -.Xr ping 8 , +allows echo requests (such as those created by +.Xr ping 8 ) out, creates state, and matches incoming echo replies correctly to states. .Pp Note: @@ -1211,7 +1210,7 @@ shift the sequencing of each side of a connection .Po add a random number to each side. .Pc -Both sides of the connection will notice, that its peer has suddenly +Both sides of the connection will notice that its peer has suddenly shifted its sequence by a random amount. Neither side will be able to recover and the connection will stall and eventually close. @@ -1320,7 +1319,7 @@ For instance, the rule .Ed .Pp never applies to a fragment, even if the fragment is part of a TCP -packet with destination port 80, because without reassembly, this information +packet with destination port 80, because without reassembly this information is not available for each fragment. This also means that fragments cannot create new or match existing state table entries, which makes stateful filtering and address diff --git a/share/man/man5/resolv.conf.5 b/share/man/man5/resolv.conf.5 index 49053e19b72..af31b6229d3 100644 --- a/share/man/man5/resolv.conf.5 +++ b/share/man/man5/resolv.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: resolv.conf.5,v 1.19 2001/10/04 10:28:20 wilfried Exp $ +.\" $OpenBSD: resolv.conf.5,v 1.20 2003/01/21 19:59:09 jmc Exp $ .\" $NetBSD: resolv.conf.5,v 1.7 1996/03/06 18:22:16 scottr Exp $ .\" .\" Copyright (c) 1986, 1991 The Regents of the University of California. @@ -167,7 +167,7 @@ attach OPT pseudo-RR for ENDS0 extension specified in RFC2671, to inform DNS server of our receive buffer size. The option will allow DNS servers to take advantage of non-default receive buffer size, and to send larger replies. -DNS query packets with EDNS0 extension is not compatible with +DNS query packets with EDNS0 extension are not compatible with non-EDNS0 DNS servers. The option must be used only when all the DNS servers listed in .Sy nameserver @@ -180,7 +180,7 @@ Use of this option is discouraged, and meaningless on .Ox . .It Sy insecure1 Do not require IP source address on the reply packet to be equal to the -servers' address. +server's address. .It Sy insecure2 Do not check if the query section of the reply packet is equal to that of the query packet. diff --git a/usr.bin/man/man.conf.5 b/usr.bin/man/man.conf.5 index 71cb478e4a6..43667ba9c12 100644 --- a/usr.bin/man/man.conf.5 +++ b/usr.bin/man/man.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: man.conf.5,v 1.7 2000/03/14 21:31:35 aaron Exp $ +.\" $OpenBSD: man.conf.5,v 1.8 2003/01/21 19:59:09 jmc Exp $ .\" .\" Copyright (c) 1989, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -167,7 +167,7 @@ directory would be searched as well, before the directory was searched. .Pp If ``mktemp.tbl'' was found first, the command -.Dq Li tbl <manual page> | nroff -man +.Dq Li tbl <manual page> \&| nroff -man would be run to build a man page for display to the user. .Pp The command diff --git a/usr.bin/ranlib/ranlib.5 b/usr.bin/ranlib/ranlib.5 index 51f22c04d59..fabfce2c305 100644 --- a/usr.bin/ranlib/ranlib.5 +++ b/usr.bin/ranlib/ranlib.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ranlib.5,v 1.4 2000/03/10 20:17:50 aaron Exp $ +.\" $OpenBSD: ranlib.5,v 1.5 2003/01/21 19:59:09 jmc Exp $ .\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. @@ -71,7 +71,7 @@ of an individual ranlib structure. The third part is a .Li long followed by a string table. -The long is the size, in bytes of the string table. +The long is the size, in bytes, of the string table. .Sh SEE ALSO .Xr ar 1 , .Xr ranlib 1 diff --git a/usr.bin/tn3270/mset/map3270.5 b/usr.bin/tn3270/mset/map3270.5 index ebb67f7e928..a0976c0cbdd 100644 --- a/usr.bin/tn3270/mset/map3270.5 +++ b/usr.bin/tn3270/mset/map3270.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: map3270.5,v 1.5 1999/06/05 01:21:43 aaron Exp $ +.\" $OpenBSD: map3270.5,v 1.6 2003/01/21 19:59:09 jmc Exp $ .\" Copyright (c) 1986 The Regents of the University of California. .\" All rights reserved. .\" @@ -188,7 +188,7 @@ to send a (possibly visual) bell sequence to the user's terminal. RIGHT right cursor LEFT left cursor SETTAB set a column tab - DELTAB delete a columntab + DELTAB delete a column tab SETMRG set left margin SETHOM set home position CLRTAB clear all column tabs |