author: Tom Yu <tlyu@mit.edu> 2014-08-20 15:24:46 -0400
committer: Tom Yu <tlyu@mit.edu> 2014-08-21 16:05:10 -0400
commit: a8c4205341b42445d7adf2ffe2b7cecb65701035
tree: 734d394ecc37cb127ffc762eada850f24b5b7d7d /src/man/kadm5.acl.man
parent: e1c6b2cc02b0b28cf3037e20f2ef418db22d8cd3
Updates for krb5-1.13-alpha1 (tag: krb5-1.13-alpha1)
Diffstat (limited to 'src/man/kadm5.acl.man')
-rw-r--r--  src/man/kadm5.acl.man  66
1 files changed, 38 insertions, 28 deletions
diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man
index dbdb10d..4aa21fc 100644
--- a/src/man/kadm5.acl.man
+++ b/src/man/kadm5.acl.man
@@ -1,3 +1,5 @@
+.\" Man page generated from reStructuredText.
+.
.TH "KADM5.ACL" "5" " " "1.13" "MIT Kerberos"
.SH NAME
kadm5.acl \- Kerberos ACL file
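Review bot: the `.\" Man page generated from reStructuredText.` comment and its bare `.` line now sit ahead of `.TH`, and the next hunk removes the same two lines from after the rst2man indent macros, so this is a regenerated file rather than a hand edit and the header is a no-op comment in either position. Because src/man/*.man is generated output, it is worth confirming that the same docutils version produced every man page in this commit, so the header placement and the NOTE/WARNING macro style stay consistent across the set.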
@@ -28,8 +30,6 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
-.\" Man page generated from reStructuredText.
-.
.SH DESCRIPTION
.sp
The Kerberos \fIkadmind(8)\fP daemon uses an Access Control List
@@ -39,7 +39,7 @@ which principals can operate on which other principals.
.sp
The default location of the Kerberos ACL file is
\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP unless this is overridden by the \fIacl_file\fP
-variable in \fIkdc.conf(5)\fP.
+variable in \fIkdc.conf(5)\fP\&.
.SH SYNTAX
.sp
Empty lines and lines starting with the sharp sign (\fB#\fP) are
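Review bot: the only change here is the trailing `\&.` in `\fIkdc.conf(5)\fP\&.`; `\&` is a zero-width troff escape, so the rendered text is identical and this is generator noise with no documentation impact. The same substitution recurs in the `target_principal` and `\-policy pol` hunks below and needs no action there either.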
@@ -54,10 +54,14 @@ principal permissions [target_principal [restrictions] ]
.fi
.UNINDENT
.UNINDENT
-.IP Note
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
Line order in the ACL file is important. The first matching entry
will control access for an actor principal on a target principal.
-.RE
+.UNINDENT
+.UNINDENT
.INDENT 0.0
.TP
.B \fIprincipal\fP
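Review bot: replacing `.IP Note` / `.RE` with `\fBNOTE:\fP` inside paired `.INDENT 0.0` / `.INDENT 3.5` ... `.UNINDENT` / `.UNINDENT` is an improvement beyond cosmetics: `.RE` closes an `.RS` block, and nothing in this hunk opened one, whereas the new form uses the rst2man indent macros defined at the top of the page and keeps the nesting balanced. Check that the WARNING block in the later hunk receives the identical treatment (it does in this diff) so both admonitions render the same way.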
@@ -105,7 +109,7 @@ _
T{
l
T} T{
-[Dis]allows the listing of principals or policies
+[Dis]allows the listing of all principals or policies
T}
_
T{
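Review bot: "listing of all principals or policies" is a semantic correction rather than wording polish: the added "all" tells the reader that the `l` flag is not scoped to a target principal. Anywhere else the page describes `l` should say the same thing; the rewritten commentary for example line 5 in the final hunk does, so the two are consistent.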
@@ -129,7 +133,7 @@ _
T{
x
T} T{
-Short for admcil. All privileges
+Short for admcilsp. All privileges
T}
_
T{
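Review bot: expanding `x` from admcil to admcilsp is a documentation fix, since a reader enumerating what `x` grants from the old text would have missed `s` and `p`. Because `x` is the permission most often given to `*/admin`, it would be worth checking that every lowercase flag documented in this table is either present in that string or explicitly named as excluded next to "All privileges"; otherwise "All privileges" over-promises.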
@@ -148,7 +152,7 @@ character.
.sp
\fItarget_principal\fP can also include back\-references to \fIprincipal\fP,
in which \fB*number\fP matches the corresponding wildcard in
-\fIprincipal\fP.
+\fIprincipal\fP\&.
.TP
.B \fIrestrictions\fP
(Optional) A string of flags. Allowed restrictions are:
@@ -165,7 +169,7 @@ are the same as the + and \- flags for the kadmin
policy is forced to be empty.
.TP
.B \fI\-policy pol\fP
-policy is forced to be \fIpol\fP.
+policy is forced to be \fIpol\fP\&.
.TP
.B \-{\fIexpire, pwexpire, maxlife, maxrenewlife\fP} \fItime\fP
(\fIgetdate\fP string) associated value will be forced to
@@ -177,24 +181,28 @@ MIN(\fItime\fP, requested value).
The above flags act as restrictions on any add or modify operation
which is allowed due to that ACL line.
.UNINDENT
-.IP Warning
+.sp
+\fBWARNING:\fP
+.INDENT 0.0
+.INDENT 3.5
If the kadmind ACL file is modified, the kadmind daemon needs to be
restarted for changes to take effect.
-.RE
+.UNINDENT
+.UNINDENT
.SH EXAMPLE
.sp
-Here is an example of a kadm5.acl file.
+Here is an example of a kadm5.acl file:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
-*/admin@ATHENA.MIT.EDU * # line 1
+*/admin@ATHENA.MIT.EDU * # line 1
joeadmin@ATHENA.MIT.EDU ADMCIL # line 2
-joeadmin/*@ATHENA.MIT.EDU il */root@ATHENA.MIT.EDU # line 3
-*/root@ATHENA.MIT.EDU cil *1@ATHENA.MIT.EDU # line 4
-*/*@ATHENA.MIT.EDU i # line 5
-*/admin@EXAMPLE.COM x * \-maxlife 9h \-postdateable # line 6
+joeadmin/*@ATHENA.MIT.EDU i */root@ATHENA.MIT.EDU # line 3
+*/root@ATHENA.MIT.EDU ci *1@ATHENA.MIT.EDU # line 4
+*/root@ATHENA.MIT.EDU l * # line 5
+sms@ATHENA.MIT.EDU x * \-maxlife 9h \-postdateable # line 6
.ft P
.fi
.UNINDENT
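Review bot: the example is reworked so that no entry grants `l` together with a target principal (line 3 `il` becomes `i`, line 4 `cil` becomes `ci`, and the new line 5 `*/root@ATHENA.MIT.EDU l *` carries the global `*` target), which matches the corrected `l` row; the `*/admin@EXAMPLE.COM` entry becomes `sms@ATHENA.MIT.EDU`, so every line now lives in one realm. Note that the new line 5 must stay after line 4: under the first-match rule from the NOTE block, a root principal changing its own null-instance password has to hit line 4 first, because line 5 matches the same actor against any target and grants only `l`. A short remark to that effect beside the example would stop a reader from reordering the two lines. Line 1 changes only in whitespace.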
@@ -208,28 +216,30 @@ an \fBadmin\fP instance has all administrative privileges.
1). He has no permissions at all with his null instance,
\fBjoeadmin@ATHENA.MIT.EDU\fP (matches line 2). His \fBroot\fP and other
non\-\fBadmin\fP, non\-null instances (e.g., \fBextra\fP or \fBdbadmin\fP) have
-inquire and list permissions with any principal that has the
-instance \fBroot\fP (matches line 3).
+inquire permissions with any principal that has the instance \fBroot\fP
+(matches line 3).
.sp
-(line 4) Any \fBroot\fP principal in \fBATHENA.MIT.EDU\fP can inquire, list,
+(line 4) Any \fBroot\fP principal in \fBATHENA.MIT.EDU\fP can inquire
or change the password of their null instance, but not any other
null instance. (Here, \fB*1\fP denotes a back\-reference to the
component matching the first wildcard in the actor principal.)
.sp
-(line 5) Any principal in the realm \fBATHENA.MIT.EDU\fP (except for
-\fBjoeadmin@ATHENA.MIT.EDU\fP, as mentioned above) has inquire
-privileges.
+(line 5) Any \fBroot\fP principal in \fBATHENA.MIT.EDU\fP can generate
+the list of principals in the database, and the list of policies
+in the database. This line is separate from line 4, because list
+permission can only be granted globally, not to specific target
+principals.
.sp
-(line 6) Finally, any principal with an \fBadmin\fP instance in \fBEXAMPLE.COM\fP
-has all permissions, but any principal that they create or modify will
-not be able to get postdateable tickets or tickets with a life of
-longer than 9 hours.
+(line 6) Finally, the Service Management System principal
+\fBsms@ATHENA.MIT.EDU\fP has all permissions, but any principal that it
+creates or modifies will not be able to get postdateable tickets or
+tickets with a life of longer than 9 hours.
.SH SEE ALSO
.sp
\fIkdc.conf(5)\fP, \fIkadmind(8)\fP
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2013, MIT
+1985-2014, MIT
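Review bot: the prose tracks the example edits correctly (line 3 loses "and list", line 4 loses "list", and the new line 5 paragraph explains why list permission needs its own entry). Dropping the old catch-all `*/*@ATHENA.MIT.EDU i` line also removes a latent contradiction: under the first-match rule, an actor whose target did not satisfy line 4 previously fell through to that line and could inquire on any principal, which undercut "but not any other null instance"; with the new line 5 granting only `l`, that sentence now holds. The copyright year bump is routine.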
.\" Generated by docutils manpage writer.
.