aboutsummaryrefslogtreecommitdiffstats
path: root/doc/doxyout/krb5/man/man3
diff options
context:
space:
mode:
Diffstat (limited to 'doc/doxyout/krb5/man/man3')
-rw-r--r--doc/doxyout/krb5/man/man3/krb5.3440
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_abort.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_abortx.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_address.3140
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_aname_to_localname.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_auth.370
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_ccache.3338
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_ccache_intro.321
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_credential.3151
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_crypto.3231
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_crypto_iov.38
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_dcc_ops.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_deprecated.3112
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_digest.323
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_err.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_error.3329
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_errx.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_fileformats.3169
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_free_error_message.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_generate_random.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_generate_random_block.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_get_err_text.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_get_error_message.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_get_error_string.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_get_warn_dest.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_init_creds_intro.37
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_introduction.3289
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_is_enctype_weak.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_keytab.3219
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_keytab_intro.343
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_pac.338
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_principal.3164
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_principal_intro.37
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_principal_is_gss_hostbased_service.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_principal_is_lkdc.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_principal_is_null.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_principal_is_pku2u.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_principal_is_root_krbtgt.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_realm_is_lkdc.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_ret_int64.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_ret_uint64.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_set_warn_dest.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_storage.3397
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_storage_from_socket.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_storage_fsync.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_store_int64.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_store_uint64.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_support.3312
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_ticket.311
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_v4compat.326
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_vabort.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_verr.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_verrx.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_vprepend_error_message.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_vset_error_message.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_vwarnx.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_warn.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5_warnx.31
-rw-r--r--doc/doxyout/krb5/man/man3/krb5plugin_an2ln_ftable_desc.352
-rw-r--r--doc/doxyout/krb5/man/man3/krb5plugin_db_ftable_desc.333
-rw-r--r--doc/doxyout/krb5/man/man3/krb5plugin_kuserok_ftable_desc.356
61 files changed, 2157 insertions, 1564 deletions
diff --git a/doc/doxyout/krb5/man/man3/krb5.3 b/doc/doxyout/krb5/man/man3/krb5.3
index 9fe76079a2af..13e0b8d09b2b 100644
--- a/doc/doxyout/krb5/man/man3/krb5.3
+++ b/doc/doxyout/krb5/man/man3/krb5.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 library" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 library \-
+krb5
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -148,6 +151,9 @@ Heimdal Kerberos 5 library \-
.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_data_ct_cmp\fP (const krb5_data *data1, const krb5_data *data2)"
.br
.ti -1c
+.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_get_err_text\fP (krb5_context context, krb5_error_code code) KRB5_DEPRECATED_FUNCTION('Use \fBkrb5_get_error_message\fP instead')"
+.br
+.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_krbhst_get_addrinfo\fP (krb5_context context, krb5_krbhst_info *host, struct addrinfo **ai)"
.br
.ti -1c
@@ -178,193 +184,183 @@ Heimdal Kerberos 5 library \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list (krb5_context context, void(*)(struct et_list **) func)"
-.PP
-Add a specified list of error messages to the et list in context. Call func (probably a comerr-generated function) with a pointer to the current et_list.
+Add a specified list of error messages to the et list in context\&. Call func (probably a comerr-generated function) with a pointer to the current et_list\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A kerberos context.
+\fIcontext\fP A kerberos context\&.
.br
-\fIfunc\fP The generated com_err et function.
+\fIfunc\fP The generated com_err et function\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses (krb5_context context, krb5_addresses * addresses)"
-.PP
-Add extra address to the address list that the library will add to the client's address list when communicating with the KDC.
+Add extra address to the address list that the library will add to the client's address list when communicating with the KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIaddresses\fP addreses to add
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses (krb5_context context, krb5_addresses * addresses)"
-.PP
-Add extra addresses to ignore when fetching addresses from the underlaying operating system.
+Add extra addresses to ignore when fetching addresses from the underlaying operating system\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIaddresses\fP addreses to ignore
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds (krb5_context context, krb5_flags whichfields, const krb5_creds * mcreds, const krb5_creds * creds)"
-.PP
-Return TRUE if `mcreds' and `creds' are equal (`whichfields' determines what equal means).
+Return TRUE if `mcreds' and `creds' are equal (`whichfields' determines what equal means)\&.
.PP
The following flags, set in whichfields affects the comparison:
.IP "\(bu" 2
-KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal.
+KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal\&.
.IP "\(bu" 2
-KRB5_TC_MATCH_KEYTYPE Compare enctypes.
+KRB5_TC_MATCH_KEYTYPE Compare enctypes\&.
.IP "\(bu" 2
-KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical.
+KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical\&.
.IP "\(bu" 2
-KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds .
+KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds \&.
.IP "\(bu" 2
-KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly.
+KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly\&.
.IP "\(bu" 2
-KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds.
+KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds\&.
.IP "\(bu" 2
-KRB5_TC_MATCH_AUTHDATA Compares the authdata fields.
+KRB5_TC_MATCH_AUTHDATA Compares the authdata fields\&.
.IP "\(bu" 2
-KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication).
+KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication)\&.
.IP "\(bu" 2
-KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket.
+KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket\&.
.PP
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIwhichfields\fP which fields to compare.
+\fIwhichfields\fP which fields to compare\&.
.br
-\fImcreds\fP cred to compare with.
+\fImcreds\fP cred to compare with\&.
.br
-\fIcreds\fP cred to compare with.
+\fIcreds\fP cred to compare with\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-return TRUE if mcred and creds are equal, FALSE if not.
+return TRUE if mcred and creds are equal, FALSE if not\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_context (krb5_context context, krb5_context * out)"
-.PP
-Make a copy for the Kerberos 5 context, the new krb5_context shoud be freed with \fBkrb5_free_context()\fP.
+Make a copy for the Kerberos 5 context, the new krb5_context shoud be freed with \fBkrb5_free_context()\fP\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP the Kerberos context to copy
.br
-\fIout\fP the copy of the Kerberos, set to NULL error.
+\fIout\fP the copy of the Kerberos, set to NULL error\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds (krb5_context context, const krb5_creds * incred, krb5_creds ** outcred)"
-.PP
-Copy krb5_creds.
+Copy krb5_creds\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIincred\fP source credential
.br
-\fIoutcred\fP destination credential, free with \fBkrb5_free_creds()\fP.
+\fIoutcred\fP destination credential, free with \fBkrb5_free_creds()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents (krb5_context context, const krb5_creds * incred, krb5_creds * c)"
-.PP
-Copy content of krb5_creds.
+Copy content of krb5_creds\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIincred\fP source credential
.br
-\fIc\fP destination credential, free with \fBkrb5_free_cred_contents()\fP.
+\fIc\fP destination credential, free with \fBkrb5_free_cred_contents()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data (krb5_context context, const krb5_data * indata, krb5_data ** outdata)"
-.PP
-Copy the data into a newly allocated krb5_data.
+Copy the data into a newly allocated krb5_data\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIindata\fP the krb5_data data to copy
.br
-\fIoutdata\fP new krb5_date to copy too. Free with \fBkrb5_free_data()\fP.
+\fIoutdata\fP new krb5_date to copy too\&. Free with \fBkrb5_free_data()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm (krb5_context context, const krb5_realm * from, krb5_realm ** to)"
-.PP
-Copy the list of realms from `from' to `to'.
+Copy the list of realms from `from' to `to'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIfrom\fP list of realms to copy from.
+\fIfrom\fP list of realms to copy from\&.
.br
-\fIto\fP list of realms to copy to, free list of \fBkrb5_free_host_realm()\fP.
+\fIto\fP list of realms to copy to, free list of \fBkrb5_free_host_realm()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket (krb5_context context, const krb5_ticket * from, krb5_ticket ** to)"
-.PP
Copy ticket and content
.PP
\fBParameters:\fP
@@ -378,13 +374,12 @@ Copy ticket and content
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_creds_get_ticket_flags (krb5_creds * creds)"
-.PP
-Returns the ticket flags for the credentials in creds. See also \fBkrb5_ticket_get_flags()\fP.
+Returns the ticket flags for the credentials in creds\&. See also \fBkrb5_ticket_get_flags()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -398,25 +393,23 @@ ticket flags
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc (krb5_data * p, int len)"
-.PP
-Allocate data of and krb5_data.
+Allocate data of and krb5_data\&.
.PP
\fBParameters:\fP
.RS 4
-\fIp\fP krb5_data to allocate.
+\fIp\fP krb5_data to allocate\&.
.br
-\fIlen\fP size to allocate.
+\fIlen\fP size to allocate\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp (const krb5_data * data1, const krb5_data * data2)"
-.PP
-Compare to data.
+Compare to data\&.
.PP
\fBParameters:\fP
.RS 4
@@ -427,31 +420,29 @@ Compare to data.
.PP
\fBReturns:\fP
.RS 4
-return the same way as memcmp(), useful when sorting.
+return the same way as memcmp(), useful when sorting\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy (krb5_data * p, const void * data, size_t len)"
-.PP
-Copy the data of len into the krb5_data.
+Copy the data of len into the krb5_data\&.
.PP
\fBParameters:\fP
.RS 4
-\fIp\fP krb5_data to copy into.
+\fIp\fP krb5_data to copy into\&.
.br
-\fIdata\fP data to copy..
+\fIdata\fP data to copy\&.\&.
.br
-\fIlen\fP new size.
+\fIlen\fP new size\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_ct_cmp (const krb5_data * data1, const krb5_data * data2)"
-.PP
Compare to data not exposing timing information from the checksum data
.PP
\fBParameters:\fP
@@ -463,120 +454,111 @@ Compare to data not exposing timing information from the checksum data
.PP
\fBReturns:\fP
.RS 4
-returns zero for same data, otherwise non zero.
+returns zero for same data, otherwise non zero\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free (krb5_data * p)"
-.PP
-Free the content of krb5_data structure, its ok to free a zeroed structure (with memset() or \fBkrb5_data_zero()\fP). When done, the structure will be zeroed. The same function is called \fBkrb5_free_data_contents()\fP in MIT Kerberos.
+Free the content of krb5_data structure, its ok to free a zeroed structure (with memset() or \fBkrb5_data_zero()\fP)\&. When done, the structure will be zeroed\&. The same function is called \fBkrb5_free_data_contents()\fP in MIT Kerberos\&.
.PP
\fBParameters:\fP
.RS 4
-\fIp\fP krb5_data to free.
+\fIp\fP krb5_data to free\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc (krb5_data * p, int len)"
-.PP
-Grow (or shrink) the content of krb5_data to a new size.
+Grow (or shrink) the content of krb5_data to a new size\&.
.PP
\fBParameters:\fP
.RS 4
-\fIp\fP krb5_data to free.
+\fIp\fP krb5_data to free\&.
.br
-\fIlen\fP new size.
+\fIlen\fP new size\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero (krb5_data * p)"
-.PP
-Reset the (potentially uninitalized) krb5_data structure.
+Reset the (potentially uninitalized) krb5_data structure\&.
.PP
\fBParameters:\fP
.RS 4
-\fIp\fP krb5_data to reset.
+\fIp\fP krb5_data to reset\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files (char ** filenames)"
-.PP
-Free a list of configuration files.
+Free a list of configuration files\&.
.PP
\fBParameters:\fP
.RS 4
-\fIfilenames\fP list, terminated with a NULL pointer, to be freed. NULL is an valid argument.
+\fIfilenames\fP list, terminated with a NULL pointer, to be freed\&. NULL is an valid argument\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context (krb5_context context)"
-.PP
-Frees the krb5_context allocated by \fBkrb5_init_context()\fP.
+Frees the krb5_context allocated by \fBkrb5_init_context()\fP\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP context to be freed.
+\fIcontext\fP context to be freed\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents (krb5_context context, krb5_creds * c)"
-.PP
-Free content of krb5_creds.
+Free content of krb5_creds\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIc\fP krb5_creds to free.
+\fIc\fP krb5_creds to free\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds (krb5_context context, krb5_creds * c)"
-.PP
-Free krb5_creds.
+Free krb5_creds\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIc\fP krb5_creds to free.
+\fIc\fP krb5_creds to free\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data (krb5_context context, krb5_data * p)"
-.PP
-Free krb5_data (and its content).
+Free krb5_data (and its content)\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIp\fP krb5_data to free.
+\fIp\fP krb5_data to free\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket (krb5_context context, krb5_ticket * ticket)"
-.PP
Free ticket and content
.PP
\fBParameters:\fP
@@ -588,119 +570,132 @@ Free ticket and content
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files (char *** pfilenames)"
-.PP
-Get the global configuration list.
+Get the global configuration list\&.
.PP
\fBParameters:\fP
.RS 4
-\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP.
+\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes (krb5_context context, krb5_pdu pdu_type, krb5_enctype ** etypes)"
-.PP
-Get the default encryption types that will be use in communcation with the KDC, clients and servers.
+Get the default encryption types that will be use in communcation with the KDC, clients and servers\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
+.br
+\fIpdu_type\fP request type (AS, TGS or none)
.br
\fIetypes\fP Encryption types, array terminated with ETYPE_NULL(0), caller should free array with krb5_xfree():
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context context)"
+Get if the library uses DNS to canonicalize hostnames\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos 5 context\&.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+return non zero if the library uses DNS to canonicalize hostnames\&.
+.RE
.PP
-Get if the library uses DNS to canonicalize hostnames.
+
+.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_get_err_text (krb5_context context, krb5_error_code code)"
+Return the error string for the error code\&. The caller must not free the string\&.
+.PP
+This function is deprecated since its not threadsafe\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
+.br
+\fIcode\fP Kerberos error code\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-return non zero if the library uses DNS to canonicalize hostnames.
+the error message matching code
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses (krb5_context context, krb5_addresses * addresses)"
-.PP
-Get extra address to the address list that the library will add to the client's address list when communicating with the KDC.
+Get extra address to the address list that the library will add to the client's address list when communicating with the KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIaddresses\fP addreses to set
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version (krb5_context context, int * version)"
-.PP
-Get version of fcache that the library should use.
+Get version of fcache that the library should use\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIversion\fP version number.
+\fIversion\fP version number\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses (krb5_context context, krb5_addresses * addresses)"
-.PP
-Get extra addresses to ignore when fetching addresses from the underlaying operating system.
+Get extra addresses to ignore when fetching addresses from the underlaying operating system\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIaddresses\fP list addreses ignored
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset (krb5_context context, int32_t * sec, int32_t * usec)"
-.PP
-Get current offset in time to the KDC.
+Get current offset in time to the KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIsec\fP seconds part of offset.
+\fIsec\fP seconds part of offset\&.
.br
-\fIusec\fP micro seconds part of offset.
+\fIusec\fP micro seconds part of offset\&.
.RE
.PP
\fBReturns:\fP
@@ -710,38 +705,35 @@ returns zero
.PP
.SS "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context context)"
-.PP
-Get max time skew allowed.
+Get max time skew allowed\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-timeskew in seconds.
+timeskew in seconds\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context context)"
-.PP
-Make the kerberos library default to the admin KDC.
+Make the kerberos library default to the admin KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-boolean flag to telling the context will use admin KDC as the default KDC.
+boolean flag to telling the context will use admin KDC as the default KDC\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context (krb5_context * context)"
-.PP
-Initializes the context structure and reads the configuration file /etc/krb5.conf. The structure should be freed by calling \fBkrb5_free_context()\fP when it is no longer being used.
+Initializes the context structure and reads the configuration file /etc/krb5\&.conf\&. The structure should be freed by calling \fBkrb5_free_context()\fP when it is no longer being used\&.
.PP
\fBParameters:\fP
.RS 4
@@ -750,13 +742,14 @@ Initializes the context structure and reads the configuration file /etc/krb5.con
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an errno code is returned. Failure means either that something bad happened during initialization (typically ENOMEM) or that Kerberos should not be used ENXIO.
+Returns 0 to indicate success\&. Otherwise an errno code is returned\&. Failure means either that something bad happened during initialization (typically ENOMEM) or that Kerberos should not be used ENXIO\&. If the function returns HEIM_ERR_RANDOM_OFFLINE, the random source is not available and later Kerberos calls might fail\&.
.RE
.PP
-
-.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets (krb5_context context)"
+\fBkrb5_init_context()\fP will get one random byte to make sure our random is alive\&. Assumption is that once the non blocking source allows us to pull bytes, its all seeded and allows us to pull more bytes\&.
.PP
-Init the built-in ets in the Kerberos library.
+Most Kerberos users calls \fBkrb5_init_context()\fP, so this is useful point where we can do the checking\&.
+.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets (krb5_context context)"
+Init the built-in ets in the Kerberos library\&.
.PP
\fBParameters:\fP
.RS 4
@@ -765,138 +758,122 @@ Init the built-in ets in the Kerberos library.
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe (void)"
-.PP
-Runtime check if the Kerberos library was complied with thread support.
+Runtime check if the Kerberos library was complied with thread support\&.
.PP
\fBReturns:\fP
.RS 4
-TRUE if the library was compiled with thread support, FALSE if not.
+TRUE if the library was compiled with thread support, FALSE if not\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION const krb5_enctype* KRB5_LIB_CALL krb5_kerberos_enctypes (krb5_context context)"
-.PP
-Returns the list of Kerberos encryption types sorted in order of most preferred to least preferred encryption type. Note that some encryption types might be disabled, so you need to check with \fBkrb5_enctype_valid()\fP before using the encryption type.
+Returns the list of Kerberos encryption types sorted in order of most preferred to least preferred encryption type\&. Note that some encryption types might be disabled, so you need to check with \fBkrb5_enctype_valid()\fP before using the encryption type\&.
.PP
\fBReturns:\fP
.RS 4
-list of enctypes, terminated with ETYPE_NULL. Its a static array completed into the Kerberos library so the content doesn't need to be freed.
+list of enctypes, terminated with ETYPE_NULL\&. Its a static array completed into the Kerberos library so the content doesn't need to be freed\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo (krb5_context context, krb5_krbhst_info * host, struct addrinfo ** ai)"
+Return an `struct addrinfo *' for a KDC host\&.
.PP
-Return an `struct addrinfo *' for a KDC host.
-.PP
-Returns an the struct addrinfo in in that corresponds to the information in `host'. free:ing is handled by krb5_krbhst_free, so the returned ai must not be released.
-.PP
-First try this as an IP address, this allows us to add a dot at the end to stop using the search domains.
-.PP
-If the hostname contains a dot, assumes it's a FQDN and don't use search domains since that might be painfully slow when machine is disconnected from that network.
+Returns an the struct addrinfo in in that corresponds to the information in `host'\&. free:ing is handled by krb5_krbhst_free, so the returned ai must not be released\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default (const char * filelist, char *** pfilenames)"
-.PP
-Prepend the filename to the global configuration list.
+Prepend the filename to the global configuration list\&.
.PP
\fBParameters:\fP
.RS 4
\fIfilelist\fP a filename to add to the default list of filename
.br
-\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP.
+\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files (krb5_context context, char ** filenames)"
-.PP
-Reinit the context from a new set of filenames.
+Reinit the context from a new set of filenames\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP context to add configuration too.
+\fIcontext\fP context to add configuration too\&.
.br
-\fIfilenames\fP array of filenames, end of list is indicated with a NULL filename.
+\fIfilenames\fP array of filenames, end of list is indicated with a NULL filename\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes (krb5_context context, const krb5_enctype * etypes)"
-.PP
-Set the default encryption types that will be use in communcation with the KDC, clients and servers.
+Set the default encryption types that will be use in communcation with the KDC, clients and servers\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIetypes\fP Encryption types, array terminated with ETYPE_NULL (0).
+\fIetypes\fP Encryption types, array terminated with ETYPE_NULL (0)\&. A value of NULL resets the encryption types to the defaults set in the configuration file\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)"
-.PP
-Set if the library should use DNS to canonicalize hostnames.
+Set if the library should use DNS to canonicalize hostnames\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIflag\fP if its dns canonicalizion is used or not.
+\fIflag\fP if its dns canonicalizion is used or not\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses (krb5_context context, const krb5_addresses * addresses)"
-.PP
-Set extra address to the address list that the library will add to the client's address list when communicating with the KDC.
+Set extra address to the address list that the library will add to the client's address list when communicating with the KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIaddresses\fP addreses to set
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version (krb5_context context, int version)"
-.PP
-Set version of fcache that the library should use.
+Set version of fcache that the library should use\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIversion\fP version number.
+\fIversion\fP version number\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_set_home_dir_access (krb5_context context, krb5_boolean allow)"
+Enable and disable home directory access on either the global state or the krb5_context state\&. By calling \fBkrb5_set_home_dir_access()\fP with context set to NULL, the global state is configured otherwise the state for the krb5_context is modified\&.
.PP
-Enable and disable home directory access on either the global state or the krb5_context state. By calling \fBkrb5_set_home_dir_access()\fP with context set to NULL, the global state is configured otherwise the state for the krb5_context is modified.
-.PP
-For home directory access to be allowed, both the global state and the krb5_context state have to be allowed.
-.PP
-Administrator (root user), never uses the home directory.
+For home directory access to be allowed, both the global state and the krb5_context state have to be allowed\&.
.PP
\fBParameters:\fP
.RS 4
@@ -912,33 +889,31 @@ the old value
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses (krb5_context context, const krb5_addresses * addresses)"
-.PP
-Set extra addresses to ignore when fetching addresses from the underlaying operating system.
+Set extra addresses to ignore when fetching addresses from the underlaying operating system\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIaddresses\fP addreses to ignore
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)"
-.PP
-Set current offset in time to the KDC.
+Set current offset in time to the KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIsec\fP seconds part of offset.
+\fIsec\fP seconds part of offset\&.
.br
-\fIusec\fP micro seconds part of offset.
+\fIusec\fP micro seconds part of offset\&.
.RE
.PP
\fBReturns:\fP
@@ -948,20 +923,18 @@ returns zero
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew (krb5_context context, time_t t)"
-.PP
-Set max time skew allowed.
+Set max time skew allowed\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIt\fP timeskew in seconds.
+\fIt\fP timeskew in seconds\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password (krb5_context context, krb5_creds * creds, const char * newpw, krb5_principal targprinc, int * result_code, krb5_data * result_code_string, krb5_data * result_string)"
-.PP
-Change password using creds.
+Change password using creds\&.
.PP
\fBParameters:\fP
.RS 4
@@ -971,28 +944,27 @@ Change password using creds.
.br
\fInewpw\fP The new password to set
.br
-\fItargprinc\fP if unset, the default principal is used.
+\fItargprinc\fP if unset, the default principal is used\&.
.br
-\fIresult_code\fP Result code, KRB5_KPASSWD_SUCCESS is when password is changed.
+\fIresult_code\fP Result code, KRB5_KPASSWD_SUCCESS is when password is changed\&.
.br
-\fIresult_code_string\fP binary message from the server, contains at least the result_code.
+\fIresult_code_string\fP binary message from the server, contains at least the result_code\&.
.br
-\fIresult_string\fP A message from the kpasswd service or the library in human printable form. The string is NUL terminated.
+\fIresult_string\fP A message from the kpasswd service or the library in human printable form\&. The string is NUL terminated\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed.
+On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed\&.
.RE
.PP
@
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time (krb5_context context, krb5_timestamp sec, int32_t usec)"
-.PP
-Set the absolute time that the caller knows the kdc has so the kerberos library can calculate the relative diffrence beteen the KDC time and local system time.
+Set the absolute time that the caller knows the kdc has so the kerberos library can calculate the relative diffrence beteen the KDC time and local system time\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Keberos 5 context.
+\fIcontext\fP Keberos 5 context\&.
.br
\fIsec\fP The applications new of 'now' in seconds
.br
@@ -1001,27 +973,23 @@ Set the absolute time that the caller knows the kdc has so the kerberos library
.PP
\fBReturns:\fP
.RS 4
-Kerberos 5 error code, see krb5_get_error_message().
+Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
-
-.PP
-If the caller passes in a negative usec, its assumed to be unknown and the function will use the current time usec.
+If the caller passes in a negative usec, its assumed to be unknown and the function will use the current time usec\&.
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)"
-.PP
-Make the kerberos library default to the admin KDC.
+Make the kerberos library default to the admin KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIflag\fP boolean flag to select if the use the admin KDC or not.
+\fIflag\fP boolean flag to select if the use the admin KDC or not\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type (krb5_context context, krb5_ticket * ticket, int type, krb5_data * data)"
-.PP
-Extract the authorization data type of type from the ticket. Store the field in data. This function is to use for kerberos applications.
+Extract the authorization data type of type from the ticket\&. Store the field in data\&. This function is to use for kerberos applications\&.
.PP
\fBParameters:\fP
.RS 4
@@ -1036,7 +1004,6 @@ Extract the authorization data type of type from the ticket. Store the field in
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client (krb5_context context, const krb5_ticket * ticket, krb5_principal * client)"
-.PP
Return client principal in ticket
.PP
\fBParameters:\fP
@@ -1050,12 +1017,11 @@ Return client principal in ticket
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime (krb5_context context, const krb5_ticket * ticket)"
-.PP
Return end time of ticket
.PP
\fBParameters:\fP
@@ -1072,7 +1038,6 @@ end time of ticket
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server (krb5_context context, const krb5_ticket * ticket, krb5_principal * server)"
-.PP
Return server principal in ticket
.PP
\fBParameters:\fP
@@ -1086,7 +1051,10 @@ Return server principal in ticket
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_abort.3 b/doc/doxyout/krb5/man/man3/krb5_abort.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_abort.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_abortx.3 b/doc/doxyout/krb5/man/man3/krb5_abortx.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_abortx.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_address.3 b/doc/doxyout/krb5/man/man3/krb5_address.3
index 8d273c8a6f87..74a26c12d487 100644
--- a/doc/doxyout/krb5/man/man3/krb5_address.3
+++ b/doc/doxyout/krb5/man/man3/krb5_address.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 address functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_address" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 address functions \-
+krb5_address
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -73,8 +76,7 @@ Heimdal Kerberos 5 address functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context context, const krb5_address * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)"
-.PP
-krb5_addr2sockaddr sets the 'struct sockaddr sockaddr' from addr and port. The argument sa_size should initially contain the size of the sa and after the call, it will contain the actual length of the address. In case of the sa is too small to fit the whole address, the up to *sa_size will be stored, and then *sa_size will be set to the required length.
+krb5_addr2sockaddr sets the 'struct sockaddr sockaddr' from addr and port\&. The argument sa_size should initially contain the size of the sa and after the call, it will contain the actual length of the address\&. In case of the sa is too small to fit the whole address, the up to *sa_size will be stored, and then *sa_size will be set to the required length\&.
.PP
\fBParameters:\fP
.RS 4
@@ -84,20 +86,19 @@ krb5_addr2sockaddr sets the 'struct sockaddr sockaddr' from addr and port. The a
.br
\fIsa\fP the struct sockaddr that will be filled in
.br
-\fIsa_size\fP pointer to length of sa, and after the call, it will contain the actual length of the address.
+\fIsa_size\fP pointer to length of sa, and after the call, it will contain the actual length of the address\&.
.br
-\fIport\fP set port in sa.
+\fIport\fP set port in sa\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
+Return an error code or 0\&. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)"
-.PP
-krb5_address_compare compares the addresses addr1 and addr2. Returns TRUE if the two addresses are the same.
+krb5_address_compare compares the addresses addr1 and addr2\&. Returns TRUE if the two addresses are the same\&.
.PP
\fBParameters:\fP
.RS 4
@@ -115,8 +116,7 @@ Return an TRUE is the address are the same FALSE if not
.PP
.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)"
-.PP
-krb5_address_order compares the addresses addr1 and addr2 so that it can be used for sorting addresses. If the addresses are the same address krb5_address_order will return 0. Behavies like memcmp(2).
+krb5_address_order compares the addresses addr1 and addr2 so that it can be used for sorting addresses\&. If the addresses are the same address krb5_address_order will return 0\&. Behavies like memcmp(2)\&.
.PP
\fBParameters:\fP
.RS 4
@@ -129,13 +129,12 @@ krb5_address_order compares the addresses addr1 and addr2 so that it can be used
.PP
\fBReturns:\fP
.RS 4
-< 0 if address addr1 in 'less' then addr2. 0 if addr1 and addr2 is the same address, > 0 if addr2 is 'less' then addr1.
+< 0 if address addr1 in 'less' then addr2\&. 0 if addr1 and addr2 is the same address, > 0 if addr2 is 'less' then addr1\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary (krb5_context context, const krb5_address * inaddr, unsigned long prefixlen, krb5_address * low, krb5_address * high)"
-.PP
-Calculate the boundary addresses of `inaddr'/`prefixlen' and store them in `low' and `high'.
+Calculate the boundary addresses of `inaddr'/`prefixlen' and store them in `low' and `high'\&.
.PP
\fBParameters:\fP
.RS 4
@@ -152,32 +151,30 @@ Calculate the boundary addresses of `inaddr'/`prefixlen' and store them in `low'
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search (krb5_context context, const krb5_address * addr, const krb5_addresses * addrlist)"
-.PP
-krb5_address_search checks if the address addr is a member of the address set list addrlist .
+krb5_address_search checks if the address addr is a member of the address set list addrlist \&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIaddr\fP address to search for.
+\fIaddr\fP address to search for\&.
.br
-\fIaddrlist\fP list of addresses to look in for addr.
+\fIaddrlist\fP list of addresses to look in for addr\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context context, int af, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)"
-.PP
-krb5_anyaddr fills in a 'struct sockaddr sa' that can be used to bind(2) to. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address.
+krb5_anyaddr fills in a 'struct sockaddr sa' that can be used to bind(2) to\&. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address\&.
.PP
\fBParameters:\fP
.RS 4
@@ -187,20 +184,19 @@ krb5_anyaddr fills in a 'struct sockaddr sa' that can be used to bind(2) to. The
.br
\fIsa\fP sockaddr
.br
-\fIsa_size\fP lenght of sa.
+\fIsa_size\fP lenght of sa\&.
.br
-\fIport\fP for to fill into sa.
+\fIport\fP for to fill into sa\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses (krb5_context context, krb5_addresses * dest, const krb5_addresses * source)"
-.PP
-krb5_append_addresses adds the set of addresses in source to dest. While copying the addresses, duplicates are also sorted out.
+krb5_append_addresses adds the set of addresses in source to dest\&. While copying the addresses, duplicates are also sorted out\&.
.PP
\fBParameters:\fP
.RS 4
@@ -213,13 +209,12 @@ krb5_append_addresses adds the set of addresses in source to dest. While copying
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address (krb5_context context, const krb5_address * inaddr, krb5_address * outaddr)"
-.PP
-krb5_copy_address copies the content of address inaddr to outaddr.
+krb5_copy_address copies the content of address inaddr to outaddr\&.
.PP
\fBParameters:\fP
.RS 4
@@ -232,13 +227,12 @@ krb5_copy_address copies the content of address inaddr to outaddr.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses (krb5_context context, const krb5_addresses * inaddr, krb5_addresses * outaddr)"
-.PP
-krb5_copy_addresses copies the content of addresses inaddr to outaddr.
+krb5_copy_addresses copies the content of addresses inaddr to outaddr\&.
.PP
\fBParameters:\fP
.RS 4
@@ -251,47 +245,44 @@ krb5_copy_addresses copies the content of addresses inaddr to outaddr.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address (krb5_context context, krb5_address * address)"
-.PP
-krb5_free_address frees the data stored in the address that is alloced with any of the krb5_address functions.
+krb5_free_address frees the data stored in the address that is alloced with any of the krb5_address functions\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP a Keberos context
.br
-\fIaddress\fP addresss to be freed.
+\fIaddress\fP addresss to be freed\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses (krb5_context context, krb5_addresses * addresses)"
-.PP
-krb5_free_addresses frees the data stored in the address that is alloced with any of the krb5_address functions.
+krb5_free_addresses frees the data stored in the address that is alloced with any of the krb5_address functions\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP a Keberos context
.br
-\fIaddresses\fP addressses to be freed.
+\fIaddresses\fP addressses to be freed\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context context, int af, const char * haddr, krb5_address * addr)"
-.PP
-krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception that it operates on a krb5_address instead of a struct sockaddr.
+krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception that it operates on a krb5_address instead of a struct sockaddr\&.
.PP
\fBParameters:\fP
.RS 4
@@ -299,20 +290,19 @@ krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception that it oper
.br
\fIaf\fP address family
.br
-\fIhaddr\fP host address from struct hostent.
+\fIhaddr\fP host address from struct hostent\&.
.br
-\fIaddr\fP returned krb5_address.
+\fIaddr\fP returned krb5_address\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context context, int af, const char * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)"
-.PP
-krb5_h_addr2sockaddr initializes a 'struct sockaddr sa' from af and the 'struct hostent' (see gethostbyname(3) ) h_addr_list component. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address.
+krb5_h_addr2sockaddr initializes a 'struct sockaddr sa' from af and the 'struct hostent' (see gethostbyname(3) ) h_addr_list component\&. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address\&.
.PP
\fBParameters:\fP
.RS 4
@@ -326,17 +316,16 @@ krb5_h_addr2sockaddr initializes a 'struct sockaddr sa' from af and the 'struct
.br
\fIsa_size\fP size of sa
.br
-\fIport\fP port to set in sa.
+\fIport\fP port to set in sa\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context context, krb5_address ** res, const krb5_address * addr, int16_t port)"
-.PP
Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
.PP
\fBParameters:\fP
@@ -352,23 +341,21 @@ Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void)"
-.PP
-krb5_max_sockaddr_size returns the max size of the .Li struct sockaddr that the Kerberos library will return.
+krb5_max_sockaddr_size returns the max size of the \&.Li struct sockaddr that the Kerberos library will return\&.
.PP
\fBReturns:\fP
.RS 4
-Return an size_t of the maximum struct sockaddr.
+Return an size_t of the maximum struct sockaddr\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address (krb5_context context, const char * string, krb5_addresses * addresses)"
-.PP
-krb5_parse_address returns the resolved hostname in string to the krb5_addresses addresses .
+krb5_parse_address returns the resolved hostname in string to the krb5_addresses addresses \&.
.PP
\fBParameters:\fP
.RS 4
@@ -381,13 +368,12 @@ krb5_parse_address returns the resolved hostname in string to the krb5_addresses
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address (const krb5_address * addr, char * str, size_t len, size_t * ret_len)"
-.PP
-krb5_print_address prints the address in addr to the string string that have the length len. If ret_len is not NULL, it will be filled with the length of the string if size were unlimited (not including the final NUL) .
+krb5_print_address prints the address in addr to the string string that have the length len\&. If ret_len is not NULL, it will be filled with the length of the string if size were unlimited (not including the final NUL) \&.
.PP
\fBParameters:\fP
.RS 4
@@ -395,20 +381,19 @@ krb5_print_address prints the address in addr to the string string that have the
.br
\fIstr\fP pointer string to print the address into
.br
-\fIlen\fP length that will fit into area pointed to by 'str'.
+\fIlen\fP length that will fit into area pointed to by 'str'\&.
.br
-\fIret_len\fP return length the str.
+\fIret_len\fP return length the str\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context context, const struct sockaddr * sa, krb5_address * addr)"
-.PP
-krb5_sockaddr2address stores a address a 'struct sockaddr' sa in the krb5_address addr.
+krb5_sockaddr2address stores a address a 'struct sockaddr' sa in the krb5_address addr\&.
.PP
\fBParameters:\fP
.RS 4
@@ -416,18 +401,17 @@ krb5_sockaddr2address stores a address a 'struct sockaddr' sa in the krb5_addres
.br
\fIsa\fP a struct sockaddr to extract the address from
.br
-\fIaddr\fP an Kerberos 5 address to store the address in.
+\fIaddr\fP an Kerberos 5 address to store the address in\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context context, const struct sockaddr * sa, int16_t * port)"
-.PP
-krb5_sockaddr2port extracts a port (if possible) from a 'struct sockaddr.
+krb5_sockaddr2port extracts a port (if possible) from a "struct sockaddr\&.
.PP
\fBParameters:\fP
.RS 4
@@ -435,27 +419,29 @@ krb5_sockaddr2port extracts a port (if possible) from a 'struct sockaddr.
.br
\fIsa\fP a struct sockaddr to extract the port from
.br
-\fIport\fP a pointer to an int16_t store the port in.
+\fIport\fP a pointer to an int16_t store the port in\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
+Return an error code or 0\&. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting (const struct sockaddr * sa)"
-.PP
-krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the kerberos library thinks are uninteresting. One example are link local addresses.
+krb5_sockaddr_uninteresting returns TRUE for all \&.Fa sa that the kerberos library thinks are uninteresting\&. One example are link local addresses\&.
.PP
\fBParameters:\fP
.RS 4
-\fIsa\fP pointer to struct sockaddr that might be interesting.
+\fIsa\fP pointer to struct sockaddr that might be interesting\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return a non zero for uninteresting addresses.
+Return a non zero for uninteresting addresses\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_aname_to_localname.3 b/doc/doxyout/krb5/man/man3/krb5_aname_to_localname.3
new file mode 100644
index 000000000000..21a2567dc68c
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_aname_to_localname.3
@@ -0,0 +1 @@
+.so man3/krb5_support.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_auth.3 b/doc/doxyout/krb5/man/man3/krb5_auth.3
index dd4013b2ac17..89ef06c509c4 100644
--- a/doc/doxyout/krb5/man/man3/krb5_auth.3
+++ b/doc/doxyout/krb5/man/man3/krb5_auth.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 authentication functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_auth" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 authentication functions \-
+krb5_auth
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -31,108 +34,105 @@ Heimdal Kerberos 5 authentication functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx (krb5_context context, krb5_auth_context * auth_context, const krb5_data * inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx * outctx)"
-.PP
-The core server function that verify application authentication requests from clients.
+The core server function that verify application authentication requests from clients\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Keberos 5 context.
+\fIcontext\fP Keberos 5 context\&.
.br
-\fIauth_context\fP the authentication context, can be NULL, then default values for the authentication context will used.
+\fIauth_context\fP the authentication context, can be NULL, then default values for the authentication context will used\&.
.br
\fIinbuf\fP the (AP-REQ) authentication buffer
.br
-\fIserver\fP the server with authenticate as, if NULL the function will try to find any available credential in the keytab that will verify the reply. The function will prefer the server the server client specified in the AP-REQ, but if there is no mach, it will try all keytab entries for a match. This have serious performance issues for larger keytabs.
+\fIserver\fP the server to authenticate to\&. If NULL the function will try to find any available credential in the keytab that will verify the reply\&. The function will prefer the server specified in the AP-REQ, but if there is no mach, it will try all keytab entries for a match\&. This has serious performance issues for large keytabs\&.
.br
-\fIinctx\fP control the behavior of the function, if NULL, the default behavior is used.
+\fIinctx\fP control the behavior of the function, if NULL, the default behavior is used\&.
.br
-\fIoutctx\fP the return outctx, free with \fBkrb5_rd_req_out_ctx_free()\fP.
+\fIoutctx\fP the return outctx, free with \fBkrb5_rd_req_out_ctx_free()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Kerberos 5 error code, see krb5_get_error_message().
+Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc (krb5_context context, krb5_rd_req_in_ctx * ctx)"
-.PP
-Allocate a krb5_rd_req_in_ctx as an input parameter to \fBkrb5_rd_req_ctx()\fP. The caller should free the context with krb5_rd_req_in_ctx_free() when done with the context.
+Allocate a krb5_rd_req_in_ctx as an input parameter to \fBkrb5_rd_req_ctx()\fP\&. The caller should free the context with krb5_rd_req_in_ctx_free() when done with the context\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Keberos 5 context.
+\fIcontext\fP Keberos 5 context\&.
.br
-\fIctx\fP in ctx to \fBkrb5_rd_req_ctx()\fP.
+\fIctx\fP in ctx to \fBkrb5_rd_req_ctx()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Kerberos 5 error code, see krb5_get_error_message().
+Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)"
-.PP
-Set the keytab that \fBkrb5_rd_req_ctx()\fP will use.
+Set the keytab that \fBkrb5_rd_req_ctx()\fP will use\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Keberos 5 context.
+\fIcontext\fP Keberos 5 context\&.
.br
-\fIin\fP in ctx to \fBkrb5_rd_req_ctx()\fP.
+\fIin\fP in ctx to \fBkrb5_rd_req_ctx()\fP\&.
.br
-\fIkeytab\fP keytab that \fBkrb5_rd_req_ctx()\fP will use, only copy the pointer, so the caller must free they keytab after krb5_rd_req_in_ctx_free() is called.
+\fIkeytab\fP keytab that \fBkrb5_rd_req_ctx()\fP will use, only copy the pointer, so the caller must free they keytab after krb5_rd_req_in_ctx_free() is called\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Kerberos 5 error code, see krb5_get_error_message().
+Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag)"
-.PP
Set if krb5_rq_red() is going to check the Windows PAC or not
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Keberos 5 context.
+\fIcontext\fP Keberos 5 context\&.
.br
-\fIin\fP krb5_rd_req_in_ctx to check the option on.
+\fIin\fP krb5_rd_req_in_ctx to check the option on\&.
.br
-\fIflag\fP flag to select if to check the pac (TRUE) or not (FALSE).
+\fIflag\fP flag to select if to check the pac (TRUE) or not (FALSE)\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Kerberos 5 error code, see krb5_get_error_message().
+Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free (krb5_context context, krb5_rd_req_out_ctx ctx)"
-.PP
-Free the krb5_rd_req_out_ctx.
+Free the krb5_rd_req_out_ctx\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Keberos 5 context.
+\fIcontext\fP Keberos 5 context\&.
.br
-\fIctx\fP krb5_rd_req_out_ctx context to free.
+\fIctx\fP krb5_rd_req_out_ctx context to free\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal * principal)"
-.PP
-Get the principal that was used in the request from the client. Might not match whats in the ticket if \fBkrb5_rd_req_ctx()\fP searched in the keytab for a matching key.
+Get the principal that was used in the request from the client\&. Might not match whats in the ticket if \fBkrb5_rd_req_ctx()\fP searched in the keytab for a matching key\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Kerberos 5 context.
+\fIcontext\fP a Kerberos 5 context\&.
.br
-\fIout\fP a krb5_rd_req_out_ctx from \fBkrb5_rd_req_ctx()\fP.
+\fIout\fP a krb5_rd_req_out_ctx from \fBkrb5_rd_req_ctx()\fP\&.
.br
-\fIprincipal\fP return principal, free with \fBkrb5_free_principal()\fP.
+\fIprincipal\fP return principal, free with \fBkrb5_free_principal()\fP\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_ccache.3 b/doc/doxyout/krb5/man/man3/krb5_ccache.3
index 796640b93274..c3c3e36d4b3a 100644
--- a/doc/doxyout/krb5/man/man3/krb5_ccache.3
+++ b/doc/doxyout/krb5/man/man3/krb5_ccache.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 credential cache functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_ccache" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 credential cache functions \-
+krb5_ccache
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -164,6 +167,9 @@ Heimdal Kerberos 5 credential cache functions \-
.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_acc_ops\fP"
.br
.ti -1c
+.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_dcc_ops\fP"
+.br
+.ti -1c
.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_fcc_ops\fP"
.br
.ti -1c
@@ -176,37 +182,34 @@ Heimdal Kerberos 5 credential cache functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor)"
-.PP
-Destroy the cursor `cursor'.
+Destroy the cursor `cursor'\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char * type, krb5_cc_cache_cursor * cursor)"
-.PP
-Start iterating over all caches of specified type. See also \fBkrb5_cccol_cursor_new()\fP.
+Start iterating over all caches of specified type\&. See also \fBkrb5_cccol_cursor_new()\fP\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP A Kerberos 5 context
.br
-\fItype\fP optional type to iterate over, if NULL, the default cache is used.
+\fItype\fP optional type to iterate over, if NULL, the default cache is used\&.
.br
-\fIcursor\fP cursor should be freed with \fBkrb5_cc_cache_end_seq_get()\fP.
+\fIcursor\fP cursor should be freed with \fBkrb5_cc_cache_end_seq_get()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache * id)"
-.PP
-Search for a matching credential cache that have the `principal' as the default principal. On success, `id' needs to be freed with \fBkrb5_cc_close()\fP or \fBkrb5_cc_destroy()\fP.
+Search for a matching credential cache that have the `principal' as the default principal\&. On success, `id' needs to be freed with \fBkrb5_cc_close()\fP or \fBkrb5_cc_destroy()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -219,13 +222,12 @@ Search for a matching credential cache that have the `principal' as the default
.PP
\fBReturns:\fP
.RS 4
-On failure, error code is returned and `id' is set to NULL.
+On failure, error code is returned and `id' is set to NULL\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache * id)"
-.PP
-Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'.
+Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'\&.
.PP
\fBParameters:\fP
.RS 4
@@ -238,104 +240,93 @@ Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'.
.PP
\fBReturns:\fP
.RS 4
-Return 0 or an error code. Returns KRB5_CC_END when the end of caches is reached, see krb5_get_error_message().
+Return 0 or an error code\&. Returns KRB5_CC_END when the end of caches is reached, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds * mcred)"
-.PP
Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close (krb5_context context, krb5_ccache id)"
-.PP
-Stop using the ccache `id' and free the related resources.
+Stop using the ccache `id' and free the related resources\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache (krb5_context context, const krb5_ccache from, krb5_ccache to)"
-.PP
-Just like \fBkrb5_cc_copy_match_f()\fP, but copy everything.
+Just like \fBkrb5_cc_copy_match_f()\fP, but copy everything\&.
.PP
@
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds (krb5_context context, const krb5_ccache from, krb5_ccache to)"
-.PP
MIT compat glue
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*)(krb5_context, void *, const krb5_creds *) match, void * matchctx, unsigned int * matched)"
-.PP
-Copy the contents of `from' to `to' if the given match function return true.
+Copy the contents of `from' to `to' if the given match function return true\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
-\fIfrom\fP the cache to copy data from.
+\fIfrom\fP the cache to copy data from\&.
.br
-\fIto\fP the cache to copy data to.
+\fIto\fP the cache to copy data to\&.
.br
-\fImatch\fP a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied.
+\fImatch\fP a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied\&.
.br
-\fImatchctx\fP context passed to match function.
+\fImatchctx\fP context passed to match function\&.
.br
-\fImatched\fP set to true if there was a credential that matched, may be NULL.
+\fImatched\fP set to true if there was a credential that matched, may be NULL\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default (krb5_context context, krb5_ccache * id)"
-.PP
-Open the default ccache in `id'.
+Open the default ccache in `id'\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name (krb5_context context)"
-.PP
-Return a pointer to a context static string containing the default ccache name.
+Return a pointer to a context static string containing the default ccache name\&.
.PP
\fBReturns:\fP
.RS 4
-String to the default credential cache name.
+String to the default credential cache name\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy (krb5_context context, krb5_ccache id)"
-.PP
-Remove the ccache `id'.
+Remove the ccache `id'\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)"
-.PP
-Destroy the cursor `cursor'.
+Destroy the cursor `cursor'\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new (krb5_context context, const krb5_cc_ops * ops, krb5_ccache * id)"
+Generate a new ccache of type `ops' in `id'\&.
.PP
-Generate a new ccache of type `ops' in `id'.
-.PP
-Deprecated: use \fBkrb5_cc_new_unique()\fP instead.
+Deprecated: use \fBkrb5_cc_new_unique()\fP instead\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)"
-.PP
-Get some configuration for the credential cache in the cache.
+Get some configuration for the credential cache in the cache\&.
.PP
\fBParameters:\fP
.RS 4
@@ -343,29 +334,26 @@ Get some configuration for the credential cache in the cache.
.br
\fIid\fP the credential cache to store the data for
.br
-\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache.
+\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache\&.
.br
-\fIname\fP name under which the configuraion is stored.
+\fIname\fP name under which the configuraion is stored\&.
.br
\fIdata\fP data to fetched, free with \fBkrb5_data_free()\fP
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags (krb5_context context, krb5_ccache id, krb5_flags * flags)"
-.PP
-Get the flags of `id', store them in `flags'.
+Get the flags of `id', store them in `flags'\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name (krb5_context context, krb5_ccache id, char ** name)"
-.PP
-Return a friendly name on credential cache. Free the result with krb5_xfree().
+Return a friendly name on credential cache\&. Free the result with krb5_xfree()\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name (krb5_context context, krb5_ccache id, char ** str)"
-.PP
Return the complete resolvable name the cache
.PP
\fBParameters:\fP
@@ -379,19 +367,18 @@ Return the complete resolvable name the cache
.PP
\fBReturns:\fP
.RS 4
-Returns 0 or an error (and then *str is set to NULL).
+Returns 0 or an error (and then *str is set to NULL)\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat * offset)"
-.PP
Get the time offset betwen the client and the KDC
.PP
-If the backend doesn't support KDC offset, use the context global setting.
+If the backend doesn't support KDC offset, use the context global setting\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIid\fP a credential cache
.br
@@ -400,19 +387,18 @@ If the backend doesn't support KDC offset, use the context global setting.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime (krb5_context context, krb5_ccache id, time_t * t)"
-.PP
Get the lifetime of the initial ticket in the cache
.PP
-Get the lifetime of the initial ticket in the cache, if the initial ticket was not found, the error code KRB5_CC_END is returned.
+Get the lifetime of the initial ticket in the cache, if the initial ticket was not found, the error code KRB5_CC_END is returned\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIid\fP a credential cache
.br
@@ -421,55 +407,49 @@ Get the lifetime of the initial ticket in the cache, if the initial ticket was n
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
-
-.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name (krb5_context context, krb5_ccache id)"
+If we find the start krbtgt in the cache, use that as the lifespan\&.
.PP
+If there was no krbtgt, use the shortest lifetime of service tickets that have yet to expire\&. If all credentials are expired, \fBkrb5_cc_get_lifetime()\fP will fail\&.
+.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name (krb5_context context, krb5_ccache id)"
Return the name of the ccache `id'
.SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_ops (krb5_context context, krb5_ccache id)"
-.PP
-Return krb5_cc_ops of a the ccache `id'.
+Return krb5_cc_ops of a the ccache `id'\&.
.SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_prefix_ops (krb5_context context, const char * prefix)"
-.PP
-Get the cc ops that is registered in `context' to handle the prefix. prefix can be a complete credential cache name or a prefix, the function will only use part up to the first colon (:) if there is one. If prefix the argument is NULL, the default ccache implemtation is returned.
+Get the cc ops that is registered in `context' to handle the prefix\&. prefix can be a complete credential cache name or a prefix, the function will only use part up to the first colon (:) if there is one\&. If prefix the argument is NULL, the default ccache implemtation is returned\&.
.PP
\fBReturns:\fP
.RS 4
-Returns NULL if ops not found.
+Returns NULL if ops not found\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal (krb5_context context, krb5_ccache id, krb5_principal * principal)"
-.PP
-Return the principal of `id' in `principal'.
+Return the principal of `id' in `principal'\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type (krb5_context context, krb5_ccache id)"
-.PP
-Return the type of the ccache `id'.
+Return the type of the ccache `id'\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version (krb5_context context, const krb5_ccache id)"
-.PP
-Return the version of `id'.
+Return the version of `id'\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize (krb5_context context, krb5_ccache id, krb5_principal primary_principal)"
-.PP
-Create a new ccache in `id' for `primary_principal'.
+Create a new ccache in `id' for `primary_principal'\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time (krb5_context context, krb5_ccache id, krb5_timestamp * mtime)"
-.PP
-Return the last time the credential cache was modified.
+Return the last time the credential cache was modified\&.
.PP
\fBParameters:\fP
.RS 4
@@ -477,18 +457,17 @@ Return the last time the credential cache was modified.
.br
\fIid\fP The credential cache to probe
.br
-\fImtime\fP the last modification time, set to 0 on error.
+\fImtime\fP the last modification time, set to 0 on error\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return 0 or and error. See krb5_get_error_message().
+Return 0 or and error\&. See \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move (krb5_context context, krb5_ccache from, krb5_ccache to)"
-.PP
-Move the content from one credential cache to another. The operation is an atomic switch.
+Move the content from one credential cache to another\&. The operation is an atomic switch\&.
.PP
\fBParameters:\fP
.RS 4
@@ -501,33 +480,30 @@ Move the content from one credential cache to another. The operation is an atomi
.PP
\fBReturns:\fP
.RS 4
-On sucess, from is freed. On failure, error code is returned and from and to are both still allocated, see krb5_get_error_message().
+On sucess, from is freed\&. On failure, error code is returned and from and to are both still allocated, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique (krb5_context context, const char * type, const char * hint, krb5_ccache * id)"
-.PP
-Generates a new unique ccache of `type` in `id'. If `type' is NULL, the library chooses the default credential cache type. The supplied `hint' (that can be NULL) is a string that the credential cache type can use to base the name of the credential on, this is to make it easier for the user to differentiate the credentials.
+Generates a new unique ccache of \fCtype\fP in `id'\&. If `type' is NULL, the library chooses the default credential cache type\&. The supplied `hint' (that can be NULL) is a string that the credential cache type can use to base the name of the credential on, this is to make it easier for the user to differentiate the credentials\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor, krb5_creds * creds)"
-.PP
-Retrieve the next cred pointed to by (`id', `cursor') in `creds' and advance `cursor'.
+Retrieve the next cred pointed to by (`id', `cursor') in `creds' and advance `cursor'\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register (krb5_context context, const krb5_cc_ops * ops, krb5_boolean override)"
-.PP
-Add a new ccache type with operations `ops', overwriting any existing one if `override'.
+Add a new ccache type with operations `ops', overwriting any existing one if `override'\&.
.PP
\fBParameters:\fP
.RS 4
@@ -535,40 +511,37 @@ Add a new ccache type with operations `ops', overwriting any existing one if `ov
.br
\fIops\fP type of plugin symbol
.br
-\fIoverride\fP flag to select if the registration is to overide an existing ops with the same name.
+\fIoverride\fP flag to select if the registration is to overide an existing ops with the same name\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds * cred)"
-.PP
-Remove the credential identified by `cred', `which' from `id'.
+Remove the credential identified by `cred', `which' from `id'\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve (krb5_context context, const char * name, krb5_ccache * id)"
-.PP
-Find and allocate a ccache in `id' from the specification in `residual'. If the ccache name doesn't contain any colon, interpret it as a file name.
+Find and allocate a ccache in `id' from the specification in `residual'\&. If the ccache name doesn't contain any colon, interpret it as a file name\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIname\fP string name of a credential cache.
+\fIname\fP string name of a credential cache\&.
.br
-\fIid\fP return pointer to a found credential cache.
+\fIid\fP return pointer to a found credential cache\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return 0 or an error code. In case of an error, id is set to NULL, see krb5_get_error_message().
+Return 0 or an error code\&. In case of an error, id is set to NULL, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds * mcreds, krb5_creds * creds)"
-.PP
-Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in `creds'. 'creds' must be free by the caller using krb5_free_cred_contents.
+Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in `creds'\&. 'creds' must be free by the caller using krb5_free_cred_contents\&.
.PP
\fBParameters:\fP
.RS 4
@@ -585,13 +558,12 @@ Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)"
-.PP
-Store some configuration for the credential cache in the cache. Existing configuration under the same name is over-written.
+Store some configuration for the credential cache in the cache\&. Existing configuration under the same name is over-written\&.
.PP
\fBParameters:\fP
.RS 4
@@ -599,39 +571,35 @@ Store some configuration for the credential cache in the cache. Existing configu
.br
\fIid\fP the credential cache to store the data for
.br
-\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache.
+\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache\&.
.br
-\fIname\fP name under which the configuraion is stored.
+\fIname\fP name under which the configuraion is stored\&.
.br
-\fIdata\fP data to store, if NULL, configure is removed.
+\fIdata\fP data to store, if NULL, configure is removed\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name (krb5_context context, const char * name)"
-.PP
-Set the default cc name for `context' to `name'.
+Set the default cc name for `context' to `name'\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags (krb5_context context, krb5_ccache id, krb5_flags flags)"
-.PP
-Set the flags of `id' to `flags'.
+Set the flags of `id' to `flags'\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name (krb5_context context, krb5_ccache id, const char * name)"
-.PP
-Set the friendly name on credential cache.
+Set the friendly name on credential cache\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat offset)"
-.PP
Set the time offset betwen the client and the KDC
.PP
-If the backend doesn't support KDC offset, use the context global setting.
+If the backend doesn't support KDC offset, use the context global setting\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIid\fP a credential cache
.br
@@ -640,80 +608,73 @@ If the backend doesn't support KDC offset, use the context global setting.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)"
-.PP
-Start iterating over `id', `cursor' is initialized to the beginning. Caller must free the cursor with \fBkrb5_cc_end_seq_get()\fP.
+Start iterating over `id', `cursor' is initialized to the beginning\&. Caller must free the cursor with \fBkrb5_cc_end_seq_get()\fP\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred (krb5_context context, krb5_ccache id, krb5_creds * creds)"
-.PP
-Store `creds' in the ccache `id'.
+Store `creds' in the ccache `id'\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch (krb5_context context, const char * type)"
-.PP
Return true if the default credential cache support switch
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch (krb5_context context, krb5_ccache id)"
-.PP
-Switch the default default credential cache for a specific credcache type (and name for some implementations).
+Switch the default default credential cache for a specific credcache type (and name for some implementations)\&.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free (krb5_context context, krb5_cccol_cursor * cursor)"
-.PP
-End an iteration and free all resources, can be done before end is reached.
+End an iteration and free all resources, can be done before end is reached\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP A Kerberos 5 context
.br
-\fIcursor\fP the iteration cursor to be freed.
+\fIcursor\fP the iteration cursor to be freed\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message().
+Return 0 or and error, KRB5_CC_END is returned at the end of iteration\&. See \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new (krb5_context context, krb5_cccol_cursor * cursor)"
-.PP
-Get a new cache interation cursor that will interate over all credentials caches independent of type.
+Get a new cache interation cursor that will interate over all credentials caches independent of type\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP a Keberos context
.br
-\fIcursor\fP passed into \fBkrb5_cccol_cursor_next()\fP and free with \fBkrb5_cccol_cursor_free()\fP.
+\fIcursor\fP passed into \fBkrb5_cccol_cursor_next()\fP and free with \fBkrb5_cccol_cursor_free()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 or and error code, see krb5_get_error_message().
+Returns 0 or and error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache * cache)"
-.PP
-Get next credential cache from the iteration.
+Get next credential cache from the iteration\&.
.PP
\fBParameters:\fP
.RS 4
@@ -721,37 +682,35 @@ Get next credential cache from the iteration.
.br
\fIcursor\fP the iteration cursor
.br
-\fIcache\fP the returned cursor, pointer is set to NULL on failure and a cache on success. The returned cache needs to be freed with \fBkrb5_cc_close()\fP or destroyed with \fBkrb5_cc_destroy()\fP. MIT Kerberos behavies slightly diffrent and sets cache to NULL when all caches are iterated over and return 0.
+\fIcache\fP the returned cursor, pointer is set to NULL on failure and a cache on success\&. The returned cache needs to be freed with \fBkrb5_cc_close()\fP or destroyed with \fBkrb5_cc_destroy()\fP\&. MIT Kerberos behavies slightly diffrent and sets cache to NULL when all caches are iterated over and return 0\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message().
+Return 0 or and error, KRB5_CC_END is returned at the end of iteration\&. See \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time (krb5_context context, const char * type, krb5_timestamp * mtime)"
-.PP
-Return the last modfication time for a cache collection. The query can be limited to a specific cache type. If the function return 0 and mtime is 0, there was no credentials in the caches.
+Return the last modfication time for a cache collection\&. The query can be limited to a specific cache type\&. If the function return 0 and mtime is 0, there was no credentials in the caches\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP A Kerberos 5 context
.br
-\fItype\fP The credential cache to probe, if NULL, all type are traversed.
+\fItype\fP The credential cache to probe, if NULL, all type are traversed\&.
.br
-\fImtime\fP the last modification time, set to 0 on error.
+\fImtime\fP the last modification time, set to 0 on error\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return 0 or and error. See krb5_get_error_message().
+Return 0 or and error\&. See \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, char * service)"
-.PP
-Validate the newly fetch credential, see also krb5_verify_init_creds().
+Validate the newly fetch credential, see also krb5_verify_init_creds()\&.
.PP
\fBParameters:\fP
.RS 4
@@ -763,13 +722,12 @@ Validate the newly fetch credential, see also krb5_verify_init_creds().
.br
\fIccache\fP the credential cache to use
.br
-\fIservice\fP a service name to use, used with \fBkrb5_sname_to_principal()\fP to build a hostname to use to verify.
+\fIservice\fP a service name to use, used with \fBkrb5_sname_to_principal()\fP to build a hostname to use to verify\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal (krb5_context context, krb5_const_principal principal)"
-.PP
-Return TRUE (non zero) if the principal is a configuration principal (generated part of \fBkrb5_cc_set_config()\fP). Returns FALSE (zero) if not a configuration principal.
+Return TRUE (non zero) if the principal is a configuration principal (generated part of \fBkrb5_cc_set_config()\fP)\&. Returns FALSE (zero) if not a configuration principal\&.
.PP
\fBParameters:\fP
.RS 4
@@ -781,14 +739,13 @@ Return TRUE (non zero) if the principal is a configuration principal (generated
.SH "Variable Documentation"
.PP
-.SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_acc_ops\fP"
-.PP
+.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops"
\fBInitial value:\fP
.PP
.nf
- {
+= {
KRB5_CC_OPS_VERSION,
- 'API',
+ "API",
acc_get_name,
acc_resolve,
acc_gen_new,
@@ -815,15 +772,48 @@ Return TRUE (non zero) if the principal is a configuration principal (generated
NULL,
}
.fi
-Variable containing the API based credential cache implemention.
-.SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_fcc_ops\fP"
+Variable containing the API based credential cache implemention\&.
+.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops"
+\fBInitial value:\fP
.PP
+.nf
+= {
+ KRB5_CC_OPS_VERSION,
+ "DIR",
+ dcc_get_name,
+ dcc_resolve,
+ dcc_gen_new,
+ dcc_initialize,
+ dcc_destroy,
+ dcc_close,
+ dcc_store_cred,
+ NULL,
+ dcc_get_principal,
+ dcc_get_first,
+ dcc_get_next,
+ dcc_end_get,
+ dcc_remove_cred,
+ dcc_set_flags,
+ dcc_get_version,
+ dcc_get_cache_first,
+ dcc_get_cache_next,
+ dcc_end_cache_get,
+ dcc_move,
+ dcc_get_default_name,
+ dcc_set_default,
+ dcc_lastchange,
+ dcc_set_kdc_offset,
+ dcc_get_kdc_offset
+}
+.fi
+Variable containing the DIR based credential cache implemention\&.
+.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops"
\fBInitial value:\fP
.PP
.nf
- {
+= {
KRB5_CC_OPS_VERSION,
- 'FILE',
+ "FILE",
fcc_get_name,
fcc_resolve,
fcc_gen_new,
@@ -850,15 +840,14 @@ Variable containing the API based credential cache implemention.
fcc_get_kdc_offset
}
.fi
-Variable containing the FILE based credential cache implemention.
-.SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_mcc_ops\fP"
-.PP
+Variable containing the FILE based credential cache implemention\&.
+.SS "KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops"
\fBInitial value:\fP
.PP
.nf
- {
+= {
KRB5_CC_OPS_VERSION,
- 'MEMORY',
+ "MEMORY",
mcc_get_name,
mcc_resolve,
mcc_gen_new,
@@ -885,4 +874,7 @@ Variable containing the FILE based credential cache implemention.
mcc_get_kdc_offset
}
.fi
-Variable containing the MEMORY based credential cache implemention.
+Variable containing the MEMORY based credential cache implemention\&.
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_ccache_intro.3 b/doc/doxyout/krb5/man/man3/krb5_ccache_intro.3
index c88c31df6627..5ff2ad059ff9 100644
--- a/doc/doxyout/krb5/man/man3/krb5_ccache_intro.3
+++ b/doc/doxyout/krb5/man/man3/krb5_ccache_intro.3
@@ -1,11 +1,12 @@
-.TH "krb5_ccache_intro" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_ccache_intro" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-krb5_ccache_intro \- The credential cache functions
+krb5_ccache_introThe credential cache functions
+ \-
.SH "Kerberos credential caches"
.PP
-krb5_ccache structure holds a Kerberos credential cache.
+krb5_ccache structure holds a Kerberos credential cache\&.
.PP
Heimdal support the follow types of credential caches:
.PP
@@ -24,7 +25,7 @@ KCM A credential cache server based solution for all platforms
This is a minimalistic version of klist:
.PP
.nf
-#include <krb5.h>
+#include <krb5\&.h>
int
main (int argc, char **argv)
@@ -36,27 +37,27 @@ main (int argc, char **argv)
krb5_creds creds;
if (krb5_init_context (&context) != 0)
- errx(1, 'krb5_context');
+ errx(1, "krb5_context");
ret = krb5_cc_default (context, &id);
if (ret)
- krb5_err(context, 1, ret, 'krb5_cc_default');
+ krb5_err(context, 1, ret, "krb5_cc_default");
ret = krb5_cc_start_seq_get(context, id, &cursor);
if (ret)
- krb5_err(context, 1, ret, 'krb5_cc_start_seq_get');
+ krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){
char *principal;
- krb5_unparse_name(context, creds.server, &principal);
- printf('principal: %s\\n', principal);
+ krb5_unparse_name(context, creds\&.server, &principal);
+ printf("principal: %s\\n", principal);
free(principal);
krb5_free_cred_contents (context, &creds);
}
ret = krb5_cc_end_seq_get(context, id, &cursor);
if (ret)
- krb5_err(context, 1, ret, 'krb5_cc_end_seq_get');
+ krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
krb5_cc_close(context, id);
diff --git a/doc/doxyout/krb5/man/man3/krb5_credential.3 b/doc/doxyout/krb5/man/man3/krb5_credential.3
index adb919fa2e56..af601191d16a 100644
--- a/doc/doxyout/krb5/man/man3/krb5_credential.3
+++ b/doc/doxyout/krb5/man/man3/krb5_credential.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 credential handing functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_credential" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 credential handing functions \-
+krb5_credential
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -58,107 +61,95 @@ Heimdal Kerberos 5 credential handing functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char * hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data * out_data)"
-.PP
-Forward credentials for client to host hostname , making them forwardable if forwardable, and returning the blob of data to sent in out_data. If hostname == NULL, pick it from server.
+Forward credentials for client to host hostname , making them forwardable if forwardable, and returning the blob of data to sent in out_data\&. If hostname == NULL, pick it from server\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A kerberos 5 context.
+\fIcontext\fP A kerberos 5 context\&.
.br
-\fIauth_context\fP the auth context with the key to encrypt the out_data.
+\fIauth_context\fP the auth context with the key to encrypt the out_data\&.
.br
-\fIhostname\fP the host to forward the tickets too.
+\fIhostname\fP the host to forward the tickets too\&.
.br
-\fIclient\fP the client to delegate from.
+\fIclient\fP the client to delegate from\&.
.br
-\fIserver\fP the server to delegate the credential too.
+\fIserver\fP the server to delegate the credential too\&.
.br
-\fIccache\fP credential cache to use.
+\fIccache\fP credential cache to use\&.
.br
-\fIforwardable\fP make the forwarded ticket forwabledable.
+\fIforwardable\fP make the forwarded ticket forwabledable\&.
.br
-\fIout_data\fP the resulting credential.
+\fIout_data\fP the resulting credential\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char * hostname, krb5_creds * in_creds, krb5_data * out_data)"
+Gets tickets forwarded to hostname\&. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less\&.
.PP
-Gets tickets forwarded to hostname. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less.
-.PP
-If the ticket have any address, hostname will be used for figure out the address to forward the ticket too. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS. This IPv6 address might be used communications and thus the resulting ticket useless.
+If the ticket have any address, hostname will be used for figure out the address to forward the ticket too\&. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host\&. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS\&. This IPv6 address might be used communications and thus the resulting ticket useless\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A kerberos 5 context.
+\fIcontext\fP A kerberos 5 context\&.
.br
-\fIauth_context\fP the auth context with the key to encrypt the out_data.
+\fIauth_context\fP the auth context with the key to encrypt the out_data\&.
.br
\fIccache\fP credential cache to use
.br
\fIflags\fP the flags to control the resulting ticket flags
.br
-\fIhostname\fP the host to forward the tickets too.
+\fIhostname\fP the host to forward the tickets too\&.
.br
-\fIin_creds\fP the in client and server ticket names. The client and server components forwarded to the remote host.
+\fIin_creds\fP the in client and server ticket names\&. The client and server components forwarded to the remote host\&.
.br
-\fIout_data\fP the resulting credential.
+\fIout_data\fP the resulting credential\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
-
-.PP
-Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets. The session key is used otherwise to encrypt the forwarded ticket.
+Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets\&. The session key is used otherwise to encrypt the forwarded ticket\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keyblock * keyblock, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)"
-.PP
-Get new credentials using keyblock.
+Get new credentials using keyblock\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)"
-.PP
-Get new credentials using keytab.
+Get new credentials using keytab\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt ** opt)"
-.PP
-Allocate a new krb5_get_init_creds_opt structure, free with \fBkrb5_get_init_creds_opt_free()\fP.
+Allocate a new krb5_get_init_creds_opt structure, free with \fBkrb5_get_init_creds_opt_free()\fP\&.
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt * opt)"
-.PP
-Free krb5_get_init_creds_opt structure.
+Free krb5_get_init_creds_opt structure\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)"
-.PP
-Get new credentials using password.
+Get new credentials using password\&.
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)"
-.PP
-Free the krb5_init_creds_context allocated by \fBkrb5_init_creds_init()\fP.
+Free the krb5_init_creds_context allocated by \fBkrb5_init_creds_init()\fP\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
-\fIctx\fP The krb5_init_creds_context to free.
+\fIctx\fP The krb5_init_creds_context to free\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)"
-.PP
-Get new credentials as setup by the krb5_init_creds_context.
+Get new credentials as setup by the krb5_init_creds_context\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
-\fIctx\fP The krb5_init_creds_context to process.
+\fIctx\fP The krb5_init_creds_context to process\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR * error)"
-.PP
-Get the last error from the transaction.
+Get the last error from the transaction\&.
.PP
\fBReturns:\fP
.RS 4
@@ -167,113 +158,111 @@ Returns 0 or an error code
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * rctx)"
-.PP
-Start a new context to get a new initial credential.
+Start a new context to get a new initial credential\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
-\fIclient\fP The Kerberos principal to get the credential for, if NULL is given, the default principal is used as determined by krb5_get_default_principal().
+\fIclient\fP The Kerberos principal to get the credential for, if NULL is given, the default principal is used as determined by krb5_get_default_principal()\&.
.br
\fIprompter\fP
.br
\fIprompter_data\fP
.br
-\fIstart_time\fP the time the ticket should start to be valid or 0 for now.
+\fIstart_time\fP the time the ticket should start to be valid or 0 for now\&.
.br
-\fIoptions\fP a options structure, can be NULL for default options.
+\fIoptions\fP a options structure, can be NULL for default options\&.
.br
-\fIrctx\fP A new allocated free with \fBkrb5_init_creds_free()\fP.
+\fIrctx\fP A new allocated free with \fBkrb5_init_creds_free()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 for success or an Kerberos 5 error code, see krb5_get_error_message().
+0 for success or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)"
-.PP
-Set the keytab to use for authentication.
+Set the keytab to use for authentication\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Kerberos 5 context.
+\fIcontext\fP a Kerberos 5 context\&.
.br
-\fIctx\fP ctx krb5_init_creds_context context.
+\fIctx\fP ctx krb5_init_creds_context context\&.
.br
-\fIkeytab\fP the keytab to read the key from.
+\fIkeytab\fP the keytab to read the key from\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char * password)"
-.PP
-Sets the password that will use for the request.
+Sets the password that will use for the request\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Kerberos 5 context.
+\fIcontext\fP a Kerberos 5 context\&.
.br
-\fIctx\fP ctx krb5_init_creds_context context.
+\fIctx\fP ctx krb5_init_creds_context context\&.
.br
-\fIpassword\fP the password to use.
+\fIpassword\fP the password to use\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char * service)"
-.PP
-Sets the service that the is requested. This call is only neede for special initial tickets, by default the a krbtgt is fetched in the default realm.
+Sets the service that the is requested\&. This call is only neede for special initial tickets, by default the a krbtgt is fetched in the default realm\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Kerberos 5 context.
+\fIcontext\fP a Kerberos 5 context\&.
.br
-\fIctx\fP a krb5_init_creds_context context.
+\fIctx\fP a krb5_init_creds_context context\&.
.br
-\fIservice\fP the service given as a string, for example 'kadmind/admin'. If NULL, the default krbtgt in the clients realm is set.
+\fIservice\fP the service given as a string, for example 'kadmind/admin'\&. If NULL, the default krbtgt in the clients realm is set\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_krbhst_info * hostinfo, unsigned int * flags)"
+The core loop if krb5_get_init_creds() function family\&. Create the packets and have the caller send them off to the KDC\&.
.PP
-The core loop if krb5_get_init_creds() function family. Create the packets and have the caller send them off to the KDC.
-.PP
-If the caller want all work been done for them, use \fBkrb5_init_creds_get()\fP instead.
+If the caller want all work been done for them, use \fBkrb5_init_creds_get()\fP instead\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Kerberos 5 context.
+\fIcontext\fP a Kerberos 5 context\&.
.br
-\fIctx\fP ctx krb5_init_creds_context context.
+\fIctx\fP ctx krb5_init_creds_context context\&.
.br
-\fIin\fP input data from KDC, first round it should be reset by krb5_data_zer().
+\fIin\fP input data from KDC, first round it should be reset by krb5_data_zer()\&.
.br
-\fIout\fP reply to KDC.
+\fIout\fP reply to KDC\&.
.br
-\fIhostinfo\fP KDC address info, first round it can be NULL.
+\fIhostinfo\fP KDC address info, first round it can be NULL\&.
.br
-\fIflags\fP status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round.
+\fIflags\fP status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+0 for success, or an Kerberos 5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_crypto.3 b/doc/doxyout/krb5/man/man3/krb5_crypto.3
index 55adfa3ed8c6..8e4a1391a539 100644
--- a/doc/doxyout/krb5/man/man3/krb5_crypto.3
+++ b/doc/doxyout/krb5/man/man3/krb5_crypto.3
@@ -1,12 +1,21 @@
-.TH "Heimdal Kerberos 5 cryptography functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_crypto" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 cryptography functions \-
+krb5_crypto
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
.ti -1c
+.RI "HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_random\fP (void *buf, size_t len)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_generate_random_block\fP (void *buf, size_t len)"
+.br
+.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_valid\fP (krb5_context context, krb5_enctype etype)"
.br
.ti -1c
@@ -52,6 +61,12 @@ Heimdal Kerberos 5 cryptography functions \-
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_allow_weak_crypto\fP (krb5_context context, krb5_boolean enable)"
.br
.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_is_enctype_weak\fP (krb5_context context, krb5_enctype enctype)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fB_krb5_enctype_requires_random_salt\fP (krb5_context context, krb5_enctype enctype)"
+.br
+.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_random_to_key\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)"
.br
.ti -1c
@@ -81,14 +96,56 @@ Heimdal Kerberos 5 cryptography functions \-
.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keyblock_init\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)"
.br
+.ti -1c
+.RI "krb5_error_code \fB_krb5_SP800_108_HMAC_KDF\fP (krb5_context context, const krb5_data *kdf_K1, const krb5_data *kdf_label, const krb5_data *kdf_context, const EVP_MD *md, krb5_data *kdf_K0)"
+.br
.in -1c
.SH "Detailed Description"
.PP
.SH "Function Documentation"
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)"
+.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL _krb5_enctype_requires_random_salt (krb5_context context, krb5_enctype enctype)"
+Returns whether the encryption type should use randomly generated salts
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos 5 context
+.br
+\fIenctype\fP encryption type to probe
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns true if generated salts should have random component
+.RE
+.PP
+
+.SS "krb5_error_code _krb5_SP800_108_HMAC_KDF (krb5_context context, const krb5_data * kdf_K1, const krb5_data * kdf_label, const krb5_data * kdf_context, const EVP_MD * md, krb5_data * kdf_K0)"
+As described in SP800-108 5\&.1 (for HMAC)
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos 5 context
+.br
+\fIkdf_K1\fP Base key material\&.
+.br
+\fIkdf_label\fP A string that identifies the purpose for the derived key\&.
+.br
+\fIkdf_context\fP A binary string containing parties, nonce, etc\&.
+.br
+\fImd\fP Message digest function to use for PRF\&.
+.br
+\fIkdf_K0\fP Derived key data\&.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Return an error code for an failure or 0 on success\&.
+.RE
.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)"
Enable or disable all weak encryption types
.PP
\fBParameters:\fP
@@ -100,13 +157,12 @@ Enable or disable all weak encryption types
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype (krb5_context context, krb5_cksumtype ctype, krb5_enctype * etype)"
-.PP
-Return the coresponding encryption type for a checksum type.
+Return the coresponding encryption type for a checksum type\&.
.PP
\fBParameters:\fP
.RS 4
@@ -114,18 +170,17 @@ Return the coresponding encryption type for a checksum type.
.br
\fIctype\fP The checksum type to get the result enctype for
.br
-\fIetype\fP The returned encryption, when the matching etype is not found, etype is set to ETYPE_NULL.
+\fIetype\fP The returned encryption, when the matching etype is not found, etype is set to ETYPE_NULL\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code for an failure or 0 on success.
+Return an error code for an failure or 0 on success\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock ** to)"
-.PP
-Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP.
+Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -133,7 +188,7 @@ Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP.
.br
\fIinblock\fP the key to copy
.br
-\fIto\fP the output key.
+\fIto\fP the output key\&.
.RE
.PP
\fBReturns:\fP
@@ -143,8 +198,7 @@ Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP.
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock * to)"
-.PP
-Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\fP.
+Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -152,7 +206,7 @@ Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\
.br
\fIinblock\fP the key to copy
.br
-\fIto\fP the output key.
+\fIto\fP the output key\&.
.RE
.PP
\fBReturns:\fP
@@ -162,8 +216,7 @@ Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)"
-.PP
-Create a Kerberos message checksum.
+Create a Kerberos message checksum\&.
.PP
\fBParameters:\fP
.RS 4
@@ -182,13 +235,12 @@ Create a Kerberos message checksum.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy (krb5_context context, krb5_crypto crypto)"
-.PP
-Free a crypto context created by \fBkrb5_crypto_init()\fP.
+Free a crypto context created by \fBkrb5_crypto_init()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -199,13 +251,12 @@ Free a crypto context created by \fBkrb5_crypto_init()\fP.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data * pepper1, krb5_data * pepper2, krb5_enctype enctype, krb5_keyblock * res)"
-.PP
-The FX-CF2 key derivation function, used in FAST and preauth framework.
+The FX-CF2 key derivation function, used in FAST and preauth framework\&.
.PP
\fBParameters:\fP
.RS 4
@@ -226,12 +277,11 @@ The FX-CF2 key derivation function, used in FAST and preauth framework.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize (krb5_context context, krb5_crypto crypto, size_t * blocksize)"
-.PP
Return the blocksize used algorithm referenced by the crypto context
.PP
\fBParameters:\fP
@@ -245,12 +295,11 @@ Return the blocksize used algorithm referenced by the crypto context
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize (krb5_context context, krb5_crypto crypto, size_t * confoundersize)"
-.PP
Return the confounder size used by the crypto context
.PP
\fBParameters:\fP
@@ -264,12 +313,11 @@ Return the confounder size used by the crypto context
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype (krb5_context context, krb5_crypto crypto, krb5_enctype * enctype)"
-.PP
Return the encryption type used by the crypto context
.PP
\fBParameters:\fP
@@ -283,12 +331,11 @@ Return the encryption type used by the crypto context
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize (krb5_context context, krb5_crypto crypto, size_t * padsize)"
-.PP
Return the padding size used by the crypto context
.PP
\fBParameters:\fP
@@ -302,15 +349,14 @@ Return the padding size used by the crypto context
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_crypto * crypto)"
+Create a crypto context used for all encryption and signature operation\&. The encryption type to use is taken from the key, but can be overridden with the enctype parameter\&. This can be useful for encryptions types which is compatiable (DES for example)\&.
.PP
-Create a crypto context used for all encryption and signature operation. The encryption type to use is taken from the key, but can be overridden with the enctype parameter. This can be useful for encryptions types which is compatiable (DES for example).
-.PP
-To free the crypto context, use \fBkrb5_crypto_destroy()\fP.
+To free the crypto context, use \fBkrb5_crypto_destroy()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -325,13 +371,12 @@ To free the crypto context, use \fBkrb5_crypto_destroy()\fP.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, void * ivec)"
-.PP
-Inline decrypt a Kerberos message.
+Inline decrypt a Kerberos message\&.
.PP
\fBParameters:\fP
.RS 4
@@ -350,12 +395,16 @@ Inline decrypt a Kerberos message.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
-1. KRB5_CRYPTO_TYPE_HEADER 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted protocol headers and trailers. The output data will be of same size as the input data or shorter.
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, int num_data, void * ivec)"
+.IP "1." 4
+KRB5_CRYPTO_TYPE_HEADER
+.IP "2." 4
+one KRB5_CRYPTO_TYPE_DATA and array [0,\&.\&.\&.] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order\&. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted protocol headers and trailers\&. The output data will be of same size as the input data or shorter\&.
.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, int num_data, void * ivec)"
Inline encrypt a kerberos message
.PP
\fBParameters:\fP
@@ -375,14 +424,22 @@ Inline encrypt a kerberos message
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
Kerberos encrypted data look like this:
.PP
-1. KRB5_CRYPTO_TYPE_HEADER 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and trailers. 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 4. KRB5_CRYPTO_TYPE_TRAILER
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context context, krb5_enctype enctype)"
+.IP "1." 4
+KRB5_CRYPTO_TYPE_HEADER
+.IP "2." 4
+array [1,\&.\&.\&.] KRB5_CRYPTO_TYPE_DATA and array [0,\&.\&.\&.] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order\&. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and trailers\&.
+.IP "3." 4
+KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1
+.IP "4." 4
+KRB5_CRYPTO_TYPE_TRAILER
.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context context, krb5_enctype enctype)"
Disable encryption type
.PP
\fBParameters:\fP
@@ -394,12 +451,11 @@ Disable encryption type
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable (krb5_context context, krb5_enctype enctype)"
-.PP
Enable encryption type
.PP
\fBParameters:\fP
@@ -411,13 +467,12 @@ Enable encryption type
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid (krb5_context context, krb5_enctype etype)"
-.PP
-Check if a enctype is valid, return 0 if it is.
+Check if a enctype is valid, return 0 if it is\&.
.PP
\fBParameters:\fP
.RS 4
@@ -428,13 +483,12 @@ Check if a enctype is valid, return 0 if it is.
.PP
\fBReturns:\fP
.RS 4
-Return an error code for an failure or 0 on success (enctype valid).
+Return an error code for an failure or 0 on success (enctype valid)\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock (krb5_context context, krb5_keyblock * keyblock)"
-.PP
-Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_keyblock_contents()\fP to free the content.
+Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_keyblock_contents()\fP to free the content\&.
.PP
\fBParameters:\fP
.RS 4
@@ -445,8 +499,7 @@ Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_ke
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents (krb5_context context, krb5_keyblock * keyblock)"
-.PP
-Free a keyblock's content, also zero out the content of the keyblock.
+Free a keyblock's content, also zero out the content of the keyblock\&.
.PP
\fBParameters:\fP
.RS 4
@@ -456,8 +509,40 @@ Free a keyblock's content, also zero out the content of the keyblock.
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_keyblock ** subkey)"
+.SS "HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random (void * buf, size_t len)"
+Fill buffer buf with len bytes of PRNG randomness that is ok to use for key generation, padding and public diclosing the randomness w/o disclosing the randomness source\&.
+.PP
+This function can fail, and callers must check the return value\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIbuf\fP a buffer to fill with randomness
+.br
+\fIlen\fP length of memory that buf points to\&.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+return 0 on success or HEIM_ERR_RANDOM_OFFLINE if the funcation failed to initialize the randomness source\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_generate_random_block (void * buf, size_t len)"
+Fill buffer buf with len bytes of PRNG randomness that is ok to use for key generation, padding and public diclosing the randomness w/o disclosing the randomness source\&.
+.PP
+This function can NOT fail, instead it will abort() and program will crash\&.
+.PP
+If this function is called after a successful \fBkrb5_init_context()\fP, the chance of it failing is low due to that \fBkrb5_init_context()\fP pulls out some random, and quite commonly the randomness sources will not fail once it have started to produce good output, /dev/urandom behavies that way\&.
.PP
+\fBParameters:\fP
+.RS 4
+\fIbuf\fP a buffer to fill with randomness
+.br
+\fIlen\fP length of memory that buf points to\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_keyblock ** subkey)"
Generate subkey, from keyblock
.PP
\fBParameters:\fP
@@ -468,7 +553,7 @@ Generate subkey, from keyblock
.br
\fIetype\fP encryption type of subkey, if ETYPE_NULL, use key's enctype
.br
-\fIsubkey\fP returned new, free with \fBkrb5_free_keyblock()\fP.
+\fIsubkey\fP returned new, free with \fBkrb5_free_keyblock()\fP\&.
.RE
.PP
\fBReturns:\fP
@@ -477,12 +562,26 @@ Generate subkey, from keyblock
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock * block)"
+.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_enctype_weak (krb5_context context, krb5_enctype enctype)"
+Returns is the encryption is strong or weak
.PP
-Get encryption type of a keyblock.
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)"
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos 5 context
+.br
+\fIenctype\fP encryption type to probe
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns true if encryption type is weak or is not supported\&.
+.RE
.PP
-Fill in `key' with key data of type `enctype' from `data' of length `size'. Key should be freed using \fBkrb5_free_keyblock_contents()\fP.
+
+.SS "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock * block)"
+Get encryption type of a keyblock\&.
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)"
+Fill in `key' with key data of type `enctype' from `data' of length `size'\&. Key should be freed using \fBkrb5_free_keyblock_contents()\fP\&.
.PP
\fBReturns:\fP
.RS 4
@@ -491,7 +590,6 @@ Fill in `key' with key data of type `enctype' from `data' of length `size'. Key
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock * keyblock)"
-.PP
Zero out a keyblock
.PP
\fBParameters:\fP
@@ -501,8 +599,7 @@ Zero out a keyblock
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)"
-.PP
-Converts the random bytestring to a protocol key according to Kerberos crypto frame work. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited.
+Converts the random bytestring to a protocol key according to Kerberos crypto frame work\&. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited\&.
.PP
\fBParameters:\fP
.RS 4
@@ -519,13 +616,12 @@ Converts the random bytestring to a protocol key according to Kerberos crypto fr
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)"
-.PP
-Verify a Kerberos message checksum.
+Verify a Kerberos message checksum\&.
.PP
\fBParameters:\fP
.RS 4
@@ -544,7 +640,10 @@ Verify a Kerberos message checksum.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_crypto_iov.3 b/doc/doxyout/krb5/man/man3/krb5_crypto_iov.3
index 6f0e815673d3..24e21fa14466 100644
--- a/doc/doxyout/krb5/man/man3/krb5_crypto_iov.3
+++ b/doc/doxyout/krb5/man/man3/krb5_crypto_iov.3
@@ -1,17 +1,17 @@
-.TH "krb5_crypto_iov" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_crypto_iov" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-krb5_crypto_iov \-
+krb5_crypto_iov
.SH SYNOPSIS
.br
.PP
-\fC#include <krb5.h>\fP
.PP
+\fC#include <krb5\&.h>\fP
.SH "Detailed Description"
.PP
Semi private, not stable yet
.SH "Author"
.PP
-Generated automatically by Doxygen for HeimdalKerberos5library from the source code.
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_dcc_ops.3 b/doc/doxyout/krb5/man/man3/krb5_dcc_ops.3
new file mode 100644
index 000000000000..e64747b9d073
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_dcc_ops.3
@@ -0,0 +1 @@
+.so man3/krb5_ccache.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_deprecated.3 b/doc/doxyout/krb5/man/man3/krb5_deprecated.3
index 840df01a7009..d507566c79d4 100644
--- a/doc/doxyout/krb5/man/man3/krb5_deprecated.3
+++ b/doc/doxyout/krb5/man/man3/krb5_deprecated.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 deprecated functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_deprecated" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 deprecated functions \-
+krb5_deprecated
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -58,10 +61,10 @@ Heimdal Kerberos 5 deprecated functions \-
.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_error_string\fP (krb5_context context, char *str) KRB5_DEPRECATED_FUNCTION('Use X instead')"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_error_string\fP (krb5_context context, const char *fmt,...) __attribute__((format(printf"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_error_string\fP (krb5_context context, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vset_error_string\fP (krb5_context context, const char *fmt, va_list args) __attribute__((format(printf"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vset_error_string\fP (krb5_context context, const char *fmt, va_list args) __attribute__((__format__(__printf__"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_clear_error_string\fP (krb5_context context) KRB5_DEPRECATED_FUNCTION('Use X instead')"
@@ -97,14 +100,11 @@ Heimdal Kerberos 5 deprecated functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_getremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t * seqnumber)"
-.PP
Deprecated: use krb5_auth_con_getremoteseqnumber()
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean * similar)"
-.PP
-Deprecated: keytypes doesn't exists, they are really enctypes.
+Deprecated: keytypes doesn't exists, they are really enctypes\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password (krb5_context context, krb5_creds * creds, const char * newpw, int * result_code, krb5_data * result_code_string, krb5_data * result_string)"
-.PP
-Deprecated: \fBkrb5_change_password()\fP is deprecated, use \fBkrb5_set_password()\fP.
+Deprecated: \fBkrb5_change_password()\fP is deprecated, use \fBkrb5_set_password()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -123,13 +123,12 @@ Deprecated: \fBkrb5_change_password()\fP is deprecated, use \fBkrb5_set_password
.PP
\fBReturns:\fP
.RS 4
-On sucess password is changed.
+On sucess password is changed\&.
.RE
.PP
@
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_string (krb5_context context)"
-.PP
-Clear the error message returned by krb5_get_error_string().
+Clear the error message returned by \fBkrb5_get_error_string()\fP\&.
.PP
Deprecated: use \fBkrb5_clear_error_message()\fP
.PP
@@ -140,33 +139,28 @@ Deprecated: use \fBkrb5_clear_error_message()\fP
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi (krb5_context context, const char * string, krb5_config_section ** res)"
-.PP
Deprecated: configuration files are not strings
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys (krb5_context context, krb5_enctype etype1, krb5_enctype etype2)"
-.PP
-Deprecated: keytypes doesn't exists, they are really enctypes.
+Deprecated: keytypes doesn't exists, they are really enctypes\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds_contents (krb5_context context, krb5_creds * c)"
-.PP
Deprecated: use \fBkrb5_free_cred_contents()\fP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data_contents (krb5_context context, krb5_data * data)"
+Same as \fBkrb5_data_free()\fP\&. MIT compat\&.
.PP
-Same as \fBkrb5_data_free()\fP. MIT compat.
-.PP
-Deprecated: use \fBkrb5_data_free()\fP.
+Deprecated: use \fBkrb5_data_free()\fP\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIdata\fP krb5_data to free.
+\fIdata\fP krb5_data to free\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_string (krb5_context context, char * str)"
+Free the error message returned by \fBkrb5_get_error_string()\fP\&.
.PP
-Free the error message returned by krb5_get_error_string().
-.PP
-Deprecated: use krb5_free_error_message()
+Deprecated: use \fBkrb5_free_error_message()\fP
.PP
\fBParameters:\fP
.RS 4
@@ -177,60 +171,43 @@ Deprecated: use krb5_free_error_message()
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_unparsed_name (krb5_context context, char * str)"
-.PP
-Deprecated: use krb5_xfree().
+Deprecated: use krb5_xfree()\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey (krb5_context context, const krb5_keyblock * key, krb5_keyblock ** subkey)"
-.PP
Deprecated: use \fBkrb5_generate_subkey_extended()\fP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc (krb5_context context, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds, krb5_creds *** ret_tgts)"
-.PP
-Deprecated: use krb5_get_credentials_with_flags().
+Deprecated: use krb5_get_credentials_with_flags()\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc_opt (krb5_context context, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds, krb5_creds *** ret_tgts, krb5_flags flags)"
-.PP
-Deprecated: use krb5_get_credentials_with_flags().
+Deprecated: use krb5_get_credentials_with_flags()\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_keytab (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, krb5_keytab keytab, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)"
-.PP
-Deprecated: use krb5_get_init_creds() and friends.
+Deprecated: use krb5_get_init_creds() and friends\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_password (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, const char * password, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)"
-.PP
-Deprecated: use krb5_get_init_creds() and friends.
+Deprecated: use krb5_get_init_creds() and friends\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_skey (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, const krb5_keyblock * key, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)"
-.PP
-Deprecated: use krb5_get_init_creds() and friends.
+Deprecated: use krb5_get_init_creds() and friends\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error (krb5_context context, krb5_get_init_creds_opt * opt, KRB_ERROR ** error)"
-.PP
-Deprecated: use the new \fBkrb5_init_creds_init()\fP and \fBkrb5_init_creds_get_error()\fP.
+Deprecated: use the new \fBkrb5_init_creds_init()\fP and \fBkrb5_init_creds_get_error()\fP\&.
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init (krb5_get_init_creds_opt * opt)"
+Deprecated: use \fBkrb5_get_init_creds_opt_alloc()\fP\&.
.PP
-Deprecated: use \fBkrb5_get_init_creds_opt_alloc()\fP.
-.PP
-The reason \fBkrb5_get_init_creds_opt_init()\fP is deprecated is that krb5_get_init_creds_opt is a static structure and for ABI reason it can't grow, ie can't add new functionality.
+The reason \fBkrb5_get_init_creds_opt_init()\fP is deprecated is that krb5_get_init_creds_opt is a static structure and for ABI reason it can't grow, ie can't add new functionality\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_keytab_key_proc (krb5_context context, krb5_enctype enctype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock ** key)"
-.PP
-Deprecated: use krb5_get_init_creds() and friends.
+Deprecated: use krb5_get_init_creds() and friends\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned * len, krb5_enctype ** val)"
-.PP
-Deprecated: keytypes doesn't exists, they are really enctypes.
+Deprecated: keytypes doesn't exists, they are really enctypes\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes_default (krb5_context context, krb5_keytype keytype, unsigned * len, krb5_enctype ** val)"
-.PP
-Deprecated: keytypes doesn't exists, they are really enctypes.
+Deprecated: keytypes doesn't exists, they are really enctypes\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_string (krb5_context context, krb5_keytype keytype, char ** string)"
-.PP
-Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_enctype_to_string().
+Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_enctype_to_string()\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_password_key_proc (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock ** key)"
-.PP
-Deprecated: use krb5_get_init_creds() and friends.
+Deprecated: use krb5_get_init_creds() and friends\&.
.SS "KRB5_LIB_FUNCTION krb5_realm* KRB5_LIB_CALL krb5_princ_realm (krb5_context context, krb5_principal principal)"
-.PP
Deprecated: use \fBkrb5_principal_get_realm()\fP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_princ_set_realm (krb5_context context, krb5_principal principal, krb5_realm * realm)"
-.PP
Deprecated: use \fBkrb5_principal_set_realm()\fP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string (krb5_context context, const char * fmt, ...)"
-.PP
-Set the error message returned by krb5_get_error_string().
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string (krb5_context context, const char * fmt, \&.\&.\&.)"
+Set the error message returned by \fBkrb5_get_error_string()\fP\&.
.PP
-Deprecated: use krb5_get_error_message()
+Deprecated: use \fBkrb5_get_error_message()\fP
.PP
\fBParameters:\fP
.RS 4
@@ -241,29 +218,32 @@ Deprecated: use krb5_get_error_message()
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_keytype (krb5_context context, const char * string, krb5_keytype * keytype)"
-.PP
-Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_string_to_enctype().
+Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_string_to_enctype()\&.
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vset_error_string (krb5_context context, const char * fmt, va_list args)"
+Set the error message returned by \fBkrb5_get_error_string()\fP, deprecated, use \fBkrb5_set_error_message()\fP\&.
.PP
-Set the error message returned by krb5_get_error_string(), deprecated, use \fBkrb5_set_error_message()\fP.
-.PP
-Deprecated: use krb5_vset_error_message()
+Deprecated: use \fBkrb5_vset_error_message()\fP
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP Kerberos context
.br
-\fImsg\fP error message to free
+\fIfmt\fP error message to free
+.br
+\fIargs\fP variable argument list vector
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_digest.3 b/doc/doxyout/krb5/man/man3/krb5_digest.3
index e447cf0bdd9c..828894f433d3 100644
--- a/doc/doxyout/krb5/man/man3/krb5_digest.3
+++ b/doc/doxyout/krb5/man/man3/krb5_digest.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 digest service" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_digest" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 digest service \-
+krb5_digest
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -16,23 +19,25 @@ Heimdal Kerberos 5 digest service \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe (krb5_context context, krb5_realm realm, krb5_ccache ccache, unsigned * flags)"
-.PP
-Get the supported/allowed mechanism for this principal.
+Get the supported/allowed mechanism for this principal\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Keberos context.
+\fIcontext\fP A Keberos context\&.
.br
-\fIrealm\fP The realm of the KDC.
+\fIrealm\fP The realm of the KDC\&.
.br
-\fIccache\fP The credential cache to use when talking to the KDC.
+\fIccache\fP The credential cache to use when talking to the KDC\&.
.br
-\fIflags\fP The supported mechanism.
+\fIflags\fP The supported mechanism\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_err.3 b/doc/doxyout/krb5/man/man3/krb5_err.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_err.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_error.3 b/doc/doxyout/krb5/man/man3/krb5_error.3
index 4d2baf29318b..b10f06236ea6 100644
--- a/doc/doxyout/krb5/man/man3/krb5_error.3
+++ b/doc/doxyout/krb5/man/man3/krb5_error.3
@@ -1,12 +1,18 @@
-.TH "Heimdal Kerberos 5 error reporting functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_error" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 error reporting functions \-
+krb5_error
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
.ti -1c
+.RI "KRB5_LIB_FUNCTION char *KRB5_LIB_CALL \fBkrb5_get_error_string\fP (krb5_context context) KRB5_DEPRECATED_FUNCTION('Use \fBkrb5_get_error_message\fP instead')"
+.br
+.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_eai_to_heim_errno\fP (int eai_errno, int system_error)"
.br
.ti -1c
@@ -16,10 +22,58 @@ Heimdal Kerberos 5 error reporting functions \-
.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_clear_error_message\fP (krb5_context context)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt,...) __attribute__((format(printf"
+.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_vset_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt, va_list args) __attribute__((__format__(__printf__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_vprepend_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt, va_list args) __attribute__((__format__(__printf__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_get_error_message\fP (krb5_context context, krb5_error_code code)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_error_message\fP (krb5_context context, const char *msg)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vwarn\fP (krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__((__format__(__printf__"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vwarn\fP (krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__((format(printf"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_warn\fP (krb5_context context, krb5_error_code code, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vwarnx\fP (krb5_context context, const char *fmt, va_list ap) __attribute__((__format__(__printf__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_warnx\fP (krb5_context context, const char *fmt,\&.\&.\&.) __attribute__((__format__(__printf__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verr\fP (krb5_context context, int eval, krb5_error_code code, const char *fmt, va_list ap) __attribute__((__noreturn__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_err\fP (krb5_context context, int eval, krb5_error_code code, const char *fmt,\&.\&.\&.) __attribute__((__noreturn__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verrx\fP (krb5_context context, int eval, const char *fmt, va_list ap) __attribute__((__noreturn__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_errx\fP (krb5_context context, int eval, const char *fmt,\&.\&.\&.) __attribute__((__noreturn__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vabort\fP (krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__((__noreturn__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_abort\fP (krb5_context context, krb5_error_code code, const char *fmt,\&.\&.\&.) __attribute__((__noreturn__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_abortx\fP (krb5_context context, const char *fmt,\&.\&.\&.) __attribute__((__noreturn__"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_warn_dest\fP (krb5_context context, krb5_log_facility *fac)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_log_facility *KRB5_LIB_CALL \fBkrb5_get_warn_dest\fP (krb5_context context)"
.br
.in -1c
.SH "Detailed Description"
@@ -27,9 +81,36 @@ Heimdal Kerberos 5 error reporting functions \-
.SH "Function Documentation"
.PP
-.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message (krb5_context context)"
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abort (krb5_context context, krb5_error_code code, const char * fmt, \&.\&.\&.)"
+Log a warning to the log, default stderr, include the error from the last failure and then abort\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIcode\fP error code of the last error
+.br
+\fIfmt\fP message to print
+.br
+\fI\&.\&.\&.\fP arguments for format string
+.RE
.PP
-Clears the error message from the Kerberos 5 context.
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abortx (krb5_context context, const char * fmt, \&.\&.\&.)"
+Log a warning to the log, default stderr, and then abort\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIfmt\fP printf format string of message to print
+.br
+\fI\&.\&.\&.\fP arguments for format string
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message (krb5_context context)"
+Clears the error message from the Kerberos 5 context\&.
.PP
\fBParameters:\fP
.RS 4
@@ -38,42 +119,209 @@ Clears the error message from the Kerberos 5 context.
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno (int eai_errno, int system_error)"
+Convert the getaddrinfo() error code to a Kerberos et error code\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIeai_errno\fP contains the error code from getaddrinfo()\&.
+.br
+\fIsystem_error\fP should have the value of errno after the failed getaddrinfo()\&.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Kerberos error code representing the EAI errors\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_err (krb5_context context, int eval, krb5_error_code code, const char * fmt, \&.\&.\&.)"
+Log a warning to the log, default stderr, include bthe error from the last failure and then exit\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIeval\fP the exit code to exit with
+.br
+\fIcode\fP error code of the last error
+.br
+\fIfmt\fP message to print
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_errx (krb5_context context, int eval, const char * fmt, \&.\&.\&.)"
+Log a warning to the log, default stderr, and then exit\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIeval\fP the exit code to exit with
+.br
+\fIfmt\fP message to print
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_message (krb5_context context, const char * msg)"
+Free the error message returned by \fBkrb5_get_error_message()\fP\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos context
+.br
+\fImsg\fP error message to free, returned byg \fBkrb5_get_error_message()\fP\&.
+.RE
.PP
-Convert the getaddrinfo() error code to a Kerberos et error code.
+
+.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_get_error_message (krb5_context context, krb5_error_code code)"
+Return the error message for `code' in context\&. On memory allocation error the function returns NULL\&.
.PP
\fBParameters:\fP
.RS 4
-\fIeai_errno\fP contains the error code from getaddrinfo().
+\fIcontext\fP Kerberos 5 context
.br
-\fIsystem_error\fP should have the value of errno after the failed getaddrinfo().
+\fIcode\fP Error code related to the error
.RE
.PP
\fBReturns:\fP
.RS 4
-Kerberos error code representing the EAI errors.
+an error string, needs to be freed with \fBkrb5_free_error_message()\fP\&. The functions return NULL on error\&.
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno (int eai_errno)"
+.SS "KRB5_LIB_FUNCTION char* KRB5_LIB_CALL krb5_get_error_string (krb5_context context)"
+Return the error message in context\&. On error or no error string, the function returns NULL\&.
.PP
-Convert the gethostname() error code (h_error) to a Kerberos et error code.
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos 5 context
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+an error string, needs to be freed with \fBkrb5_free_error_message()\fP\&. The functions return NULL on error\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_log_facility* KRB5_LIB_CALL krb5_get_warn_dest (krb5_context context)"
+Get the default logging facility\&.
.PP
\fBParameters:\fP
.RS 4
-\fIeai_errno\fP contains the error code from gethostname().
+\fIcontext\fP A Kerberos 5 context
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno (int eai_errno)"
+Convert the gethostname() error code (h_error) to a Kerberos et error code\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIeai_errno\fP contains the error code from gethostname()\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Kerberos error code representing the gethostname errors.
+Kerberos error code representing the gethostname errors\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message (krb5_context context, krb5_error_code ret, const char * fmt, \&.\&.\&.)"
+Set the context full error string for a specific error code\&. The error that is stored should be internationalized\&.
+.PP
+The if context is NULL, no error string is stored\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos 5 context
+.br
+\fIret\fP The error code
+.br
+\fIfmt\fP Error string for the error code
+.br
+\fI\&.\&.\&.\fP printf(3) style parameters\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_warn_dest (krb5_context context, krb5_log_facility * fac)"
+Set the default logging facility\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIfac\fP Facility to use for logging\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabort (krb5_context context, krb5_error_code code, const char * fmt, va_list ap)"
+Log a warning to the log, default stderr, include bthe error from the last failure and then abort\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIcode\fP error code of the last error
+.br
+\fIfmt\fP message to print
+.br
+\fIap\fP arguments
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verr (krb5_context context, int eval, krb5_error_code code, const char * fmt, va_list ap)"
+Log a warning to the log, default stderr, include bthe error from the last failure and then exit\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIeval\fP the exit code to exit with
+.br
+\fIcode\fP error code of the last error
+.br
+\fIfmt\fP message to print
+.br
+\fIap\fP arguments
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verrx (krb5_context context, int eval, const char * fmt, va_list ap)"
+Log a warning to the log, default stderr, and then exit\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context
+.br
+\fIeval\fP the exit code to exit with
+.br
+\fIfmt\fP message to print
+.br
+\fIap\fP arguments
.RE
.PP
-.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message (krb5_context context, krb5_error_code ret, const char * fmt, ...)"
+.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vprepend_error_message (krb5_context context, krb5_error_code ret, const char * fmt, va_list args)"
+Prepend the contexts's full error string for a specific error code\&.
+.PP
+The if context is NULL, no error string is stored\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Kerberos 5 context
+.br
+\fIret\fP The error code
+.br
+\fIfmt\fP Error string for the error code
+.br
+\fIargs\fP printf(3) style parameters\&.
+.RE
.PP
-Set the context full error string for a specific error code. The error that is stored should be internationalized.
+
+.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vset_error_message (krb5_context context, krb5_error_code ret, const char * fmt, va_list args)"
+Set the context full error string for a specific error code\&.
.PP
-The if context is NULL, no error string is stored.
+The if context is NULL, no error string is stored\&.
.PP
\fBParameters:\fP
.RS 4
@@ -83,17 +331,16 @@ The if context is NULL, no error string is stored.
.br
\fIfmt\fP Error string for the error code
.br
-\fI...\fP printf(3) style parameters.
+\fIargs\fP printf(3) style parameters\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn (krb5_context context, krb5_error_code code, const char * fmt, va_list ap)"
-.PP
-Log a warning to the log, default stderr, include the error from the last failure.
+Log a warning to the log, default stderr, include the error from the last failure\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIcode\fP error code of the last error
.br
@@ -103,3 +350,43 @@ Log a warning to the log, default stderr, include the error from the last failur
.RE
.PP
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarnx (krb5_context context, const char * fmt, va_list ap)"
+Log a warning to the log, default stderr\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context\&.
+.br
+\fIfmt\fP message to print
+.br
+\fIap\fP arguments
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warn (krb5_context context, krb5_error_code code, const char * fmt, \&.\&.\&.)"
+Log a warning to the log, default stderr, include the error from the last failure\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context\&.
+.br
+\fIcode\fP error code of the last error
+.br
+\fIfmt\fP message to print
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warnx (krb5_context context, const char * fmt, \&.\&.\&.)"
+Log a warning to the log, default stderr\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A Kerberos 5 context\&.
+.br
+\fIfmt\fP message to print
+.RE
+.PP
+
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_errx.3 b/doc/doxyout/krb5/man/man3/krb5_errx.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_errx.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_fileformats.3 b/doc/doxyout/krb5/man/man3/krb5_fileformats.3
index f601d942f121..07fb36d5fc0d 100644
--- a/doc/doxyout/krb5/man/man3/krb5_fileformats.3
+++ b/doc/doxyout/krb5/man/man3/krb5_fileformats.3
@@ -1,118 +1,119 @@
-.TH "krb5_fileformats" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_fileformats" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-krb5_fileformats \- File formats
+krb5_fileformatsFile formats
+ \-
.SH "File formats"
.PP
-This section documents the diffrent file formats that are used in Heimdal and other Kerberos implementations.
+This section documents the diffrent file formats that are used in Heimdal and other Kerberos implementations\&.
.SS "keytab"
-The keytab binary format is not a standard format. The format has evolved and may continue to. It is however understood by several Kerberos implementations including Heimdal, MIT, Sun's Java ktab and are created by the ktpass.exe utility from Windows. So it has established itself as the defacto format for storing Kerberos keys.
+The keytab binary format is not a standard format\&. The format has evolved and may continue to\&. It is however understood by several Kerberos implementations including Heimdal, MIT, Sun's Java ktab and are created by the ktpass\&.exe utility from Windows\&. So it has established itself as the defacto format for storing Kerberos keys\&.
.PP
-The following C-like structure definitions illustrate the MIT keytab file format. All values are in network byte order. All text is ASCII.
+The following C-like structure definitions illustrate the MIT keytab file format\&. All values are in network byte order\&. All text is ASCII\&.
.PP
.PP
.nf
- keytab {
- uint16_t file_format_version; # 0x502
- keytab_entry entries[*];
- };
+keytab {
+ uint16_t file_format_version; # 0x502
+ keytab_entry entries[*];
+};
- keytab_entry {
- int32_t size;
- uint16_t num_components; # subtract 1 if version 0x501
- counted_octet_string realm;
- counted_octet_string components[num_components];
- uint32_t name_type; # not present if version 0x501
- uint32_t timestamp;
- uint8_t vno8;
- keyblock key;
- uint32_t vno; #only present if >= 4 bytes left in entry
- uint32_t flags; #only present if >= 4 bytes left in entry
- };
+keytab_entry {
+ int32_t size;
+ uint16_t num_components; # subtract 1 if version 0x501
+ counted_octet_string realm;
+ counted_octet_string components[num_components];
+ uint32_t name_type; # not present if version 0x501
+ uint32_t timestamp;
+ uint8_t vno8;
+ keyblock key;
+ uint32_t vno; #only present if >= 4 bytes left in entry
+ uint32_t flags; #only present if >= 4 bytes left in entry
+};
- counted_octet_string {
- uint16_t length;
- uint8_t data[length];
- };
+counted_octet_string {
+ uint16_t length;
+ uint8_t data[length];
+};
- keyblock {
- uint16_t type;
- counted_octet_string;
- };
+keyblock {
+ uint16_t type;
+ counted_octet_string;
+};
.fi
.PP
.PP
-All numbers are stored in network byteorder (big endian) format.
+All numbers are stored in network byteorder (big endian) format\&.
.PP
-The keytab file format begins with the 16 bit file_format_version which at the time this document was authored is 0x502. The format of older keytabs is described at the end of this document.
+The keytab file format begins with the 16 bit file_format_version which at the time this document was authored is 0x502\&. The format of older keytabs is described at the end of this document\&.
.PP
-The file_format_version is immediately followed by an array of keytab_entry structures which are prefixed with a 32 bit size indicating the number of bytes that follow in the entry. Note that the size should be evaluated as signed. This is because a negative value indicates that the entry is in fact empty (e.g. it has been deleted) and that the negative value of that negative value (which is of course a positive value) is the offset to the next keytab_entry. Based on these size values alone the entire keytab file can be traversed.
+The file_format_version is immediately followed by an array of keytab_entry structures which are prefixed with a 32 bit size indicating the number of bytes that follow in the entry\&. Note that the size should be evaluated as signed\&. This is because a negative value indicates that the entry is in fact empty (e\&.g\&. it has been deleted) and that the negative value of that negative value (which is of course a positive value) is the offset to the next keytab_entry\&. Based on these size values alone the entire keytab file can be traversed\&.
.PP
-The size is followed by a 16 bit num_components field indicating the number of counted_octet_string components in the components array.
+The size is followed by a 16 bit num_components field indicating the number of counted_octet_string components in the components array\&.
.PP
-The num_components field is followed by a counted_octet_string representing the realm of the principal.
+The num_components field is followed by a counted_octet_string representing the realm of the principal\&.
.PP
-A counted_octet_string is simply an array of bytes prefixed with a 16 bit length. For the realm and name components, the counted_octet_string bytes are ASCII encoded text with no zero terminator.
+A counted_octet_string is simply an array of bytes prefixed with a 16 bit length\&. For the realm and name components, the counted_octet_string bytes are ASCII encoded text with no zero terminator\&.
.PP
-Following the realm is the components array that represents the name of the principal. The text of these components may be joined with slashs to construct the typical SPN representation. For example, the service principal HTTP/www.foo.net@FOO.NET would consist of name components 'HTTP' followed by 'www.foo.net'.
+Following the realm is the components array that represents the name of the principal\&. The text of these components may be joined with slashs to construct the typical SPN representation\&. For example, the service principal HTTP/www\&.foo\&.net@FOO\&.NET would consist of name components 'HTTP' followed by 'www\&.foo\&.net'\&.
.PP
-Following the components array is the 32 bit name_type (e.g. 1 is KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL.
+Following the components array is the 32 bit name_type (e\&.g\&. 1 is KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc)\&. In practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL\&.
.PP
-The 32 bit timestamp indicates the time the key was established for that principal. The value represents the number of seconds since Jan 1, 1970.
+The 32 bit timestamp indicates the time the key was established for that principal\&. The value represents the number of seconds since Jan 1, 1970\&.
.PP
-The 8 bit vno8 field is the version number of the key. This value is overridden by the 32 bit vno field if it is present. The vno8 field is filled with the lower 8 bits of the 32 bit protocol kvno field.
+The 8 bit vno8 field is the version number of the key\&. This value is overridden by the 32 bit vno field if it is present\&. The vno8 field is filled with the lower 8 bits of the 32 bit protocol kvno field\&.
.PP
-The keyblock structure consists of a 16 bit value indicating the encryption type and is a counted_octet_string containing the key. The encryption type is the same as the Kerberos standard (e.g. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, etc).
+The keyblock structure consists of a 16 bit value indicating the encryption type and is a counted_octet_string containing the key\&. The encryption type is the same as the Kerberos standard (e\&.g\&. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, etc)\&.
.PP
-The last field of the keytab_entry structure is optional. If the size of the keytab_entry indicates that there are at least 4 bytes remaining, a 32 bit value representing the key version number is present. This value supersedes the 8 bit vno8 value preceeding the keyblock.
+The last field of the keytab_entry structure is optional\&. If the size of the keytab_entry indicates that there are at least 4 bytes remaining, a 32 bit value representing the key version number is present\&. This value supersedes the 8 bit vno8 value preceeding the keyblock\&.
.PP
Older keytabs with a file_format_version of 0x501 are different in three ways:
.PP
.IP "\(bu" 2
-All integers are in host byte order [1].
+All integers are in host byte order [1]\&.
.IP "\(bu" 2
-The num_components field is 1 too large (i.e. after decoding, decrement by 1).
+The num_components field is 1 too large (i\&.e\&. after decoding, decrement by 1)\&.
.IP "\(bu" 2
-The 32 bit name_type field is not present.
+The 32 bit name_type field is not present\&.
.PP
.PP
-[1] The file_format_version field should really be treated as two separate 8 bit quantities representing the major and minor version number respectively.
+[1] The file_format_version field should really be treated as two separate 8 bit quantities representing the major and minor version number respectively\&.
.SS "Heimdal database dump file"
-Format of the Heimdal text dump file as of Heimdal 0.6.3:
+Format of the Heimdal text dump file as of Heimdal 0\&.6\&.3:
.PP
-Each line in the dump file is one entry in the database.
+Each line in the dump file is one entry in the database\&.
.PP
-Each field of a line is separated by one or more spaces, with the exception of fields consisting of principals containing spaces, where space can be quoted with \\ and \\ is quoted by \\.
+Each field of a line is separated by one or more spaces, with the exception of fields consisting of principals containing spaces, where space can be quoted with \\ and \\ is quoted by .
.PP
Fields and their types are:
.PP
.PP
.nf
- Quoted princial (quote character is \) [string]
- Keys [keys]
- Created by [event]
- Modified by [event optional]
- Valid start time [time optional]
- Valid end time [time optional]
- Password end valid time [time optional]
- Max lifetime of ticket [time optional]
- Max renew time of ticket [integer optional]
- Flags [hdb flags]
- Generation number [generation optional]
- Extensions [extentions optional]
+Quoted princial (quote character is \) [string]
+Keys [keys]
+Created by [event]
+Modified by [event optional]
+Valid start time [time optional]
+Valid end time [time optional]
+Password end valid time [time optional]
+Max lifetime of ticket [time optional]
+Max renew time of ticket [integer optional]
+Flags [hdb flags]
+Generation number [generation optional]
+Extensions [extentions optional]
.fi
.PP
.PP
-Fields following these silently are ignored.
+Fields following these silently are ignored\&.
.PP
-All optional fields will be skipped if they fail to parse (or comprise the optional field marker of '-', w/o quotes).
+All optional fields will be skipped if they fail to parse (or comprise the optional field marker of '-', w/o quotes)\&.
.PP
Example:
.PP
.PP
.nf
- fred\@CODE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin\@CODE.COM 20041221112428:fred\@CODE.COM - - - 86400 604800 126 20020415130120:793707:28 -
+fred\@CODE\&.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin\@CODE\&.COM 20041221112428:fred\@CODE\&.COM - - - 86400 604800 126 20020415130120:793707:28 -
.fi
.PP
.PP
@@ -124,39 +125,39 @@ keys
.PP
.PP
.nf
- kvno:[masterkvno:keytype:keydata:salt]{zero or more separated by :}
+kvno:[masterkvno:keytype:keydata:salt]{zero or more separated by :}
.fi
.PP
.PP
-kvno is the key version number.
+kvno is the key version number\&.
.PP
keydata is hex-encoded
.PP
-masterkvno is the kvno of the database master key. If this field is empty, the kadmin load and merge operations will encrypt the key data with the master key if there is one. Otherwise the key data will be imported asis.
+masterkvno is the kvno of the database master key\&. If this field is empty, the kadmin load and merge operations will encrypt the key data with the master key if there is one\&. Otherwise the key data will be imported asis\&.
.PP
salt is encoded as '-' (no/default salt) or
.PP
.PP
.nf
- salt-type /
- salt-type / 'string'
- salt-type / hex-encoded-data
+salt-type /
+salt-type / "string"
+salt-type / hex-encoded-data
.fi
.PP
.PP
-keytype is the protocol enctype number; see enum ENCTYPE in include/krb5_asn1.h for values.
+keytype is the protocol enctype number; see enum ENCTYPE in include/krb5_asn1\&.h for values\&.
.PP
Example:
.PP
.nf
- 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:-
+27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:-
.fi
.PP
.PP
.PP
.nf
- kvno=27,{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt}...
+kvno=27,{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=\&.\&.\&., default salt}\&.\&.\&.
.fi
.PP
.PP
@@ -164,17 +165,17 @@ Example:
time
.PP
.PP
-Format of the time is: YYYYmmddHHMMSS, corresponding to strftime format '%Y%m%d%k%M%S'.
+Format of the time is: YYYYmmddHHMMSS, corresponding to strftime format '%Y%m%d%k%M%S'\&.
.PP
-Time is expressed in UTC.
+Time is expressed in UTC\&.
.PP
-Time can be optional (using -), when the time 0 is used.
+Time can be optional (using -), when the time 0 is used\&.
.PP
Example:
.PP
.PP
.nf
- 20041221112428
+20041221112428
.fi
.PP
.PP
@@ -184,18 +185,18 @@ event
.PP
.PP
.nf
- time:principal
+time:principal
.fi
.PP
.PP
time is as given in format time
.PP
-principal is a string. Not quoting it may not work in earlier versions of Heimdal.
+principal is a string\&. Not quoting it may not work in earlier versions of Heimdal\&.
.PP
Example:
.PP
.nf
- 20041221112428:bloggs\@CODE.COM
+20041221112428:bloggs\@CODE\&.COM
.fi
.PP
@@ -204,7 +205,7 @@ Example:
hdb flags
.PP
.PP
-Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each bit in the integer is the same as the bit in the specification.
+Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb\&.asn1\&. Each bit in the integer is the same as the bit in the specification\&.
.PP
.IP "\(bu" 2
generation:
@@ -212,11 +213,11 @@ generation:
.PP
.PP
.nf
- time:usec:gen
+time:usec:gen
.fi
.PP
.PP
-usec is a the microsecond, integer. gen is generation number, integer.
+usec is a the microsecond, integer\&. gen is generation number, integer\&.
.PP
The generation can be defaulted (using '-') or the empty string
.PP
@@ -226,8 +227,8 @@ extensions:
.PP
.PP
.nf
- first-hex-encoded-HDB-Extension[:second-...]
+first-hex-encoded-HDB-Extension[:second-\&.\&.\&.]
.fi
.PP
.PP
-HDB-extension is encoded the DER encoded HDB-Extension from lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that unknown entires needs to be preserved even thought the ASN.1 data content might be unknown. There is a critical flag in the data to show to the KDC that the entry MUST be understod if the entry is to be used.
+HDB-extension is encoded the DER encoded HDB-Extension from lib/hdb/hdb\&.asn1\&. Consumers HDB extensions should be aware that unknown entires needs to be preserved even thought the ASN\&.1 data content might be unknown\&. There is a critical flag in the data to show to the KDC that the entry MUST be understod if the entry is to be used\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_free_error_message.3 b/doc/doxyout/krb5/man/man3/krb5_free_error_message.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_free_error_message.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_generate_random.3 b/doc/doxyout/krb5/man/man3/krb5_generate_random.3
new file mode 100644
index 000000000000..ebfd1cbfb9b2
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_generate_random.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_generate_random_block.3 b/doc/doxyout/krb5/man/man3/krb5_generate_random_block.3
new file mode 100644
index 000000000000..ebfd1cbfb9b2
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_generate_random_block.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_get_err_text.3 b/doc/doxyout/krb5/man/man3/krb5_get_err_text.3
new file mode 100644
index 000000000000..16c542ae4a70
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_get_err_text.3
@@ -0,0 +1 @@
+.so man3/krb5.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_get_error_message.3 b/doc/doxyout/krb5/man/man3/krb5_get_error_message.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_get_error_message.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_get_error_string.3 b/doc/doxyout/krb5/man/man3/krb5_get_error_string.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_get_error_string.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_get_warn_dest.3 b/doc/doxyout/krb5/man/man3/krb5_get_warn_dest.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_get_warn_dest.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_init_creds_intro.3 b/doc/doxyout/krb5/man/man3/krb5_init_creds_intro.3
index 06edd251cec3..c71cf8c7402a 100644
--- a/doc/doxyout/krb5/man/man3/krb5_init_creds_intro.3
+++ b/doc/doxyout/krb5/man/man3/krb5_init_creds_intro.3
@@ -1,8 +1,9 @@
-.TH "krb5_init_creds_intro" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_init_creds_intro" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-krb5_init_creds_intro \- The initial credential handing functions
+krb5_init_creds_introThe initial credential handing functions
+ \-
.SH "Initial credential"
.PP
-Functions to get initial credentials: \fBHeimdal Kerberos 5 credential handing functions\fP .
+Functions to get initial credentials: \fBHeimdal Kerberos 5 credential handing functions\fP \&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_introduction.3 b/doc/doxyout/krb5/man/man3/krb5_introduction.3
index 5f09a174e54b..e3a6dd22c57d 100644
--- a/doc/doxyout/krb5/man/man3/krb5_introduction.3
+++ b/doc/doxyout/krb5/man/man3/krb5_introduction.3
@@ -1,259 +1,260 @@
-.TH "krb5_introduction" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_introduction" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-krb5_introduction \- Introduction to the Kerberos 5 API
+krb5_introductionIntroduction to the Kerberos 5 API
+ \-
.SH "Kerberos 5 API Overview"
.PP
-All functions are documented in manual pages. This section tries to give an overview of the major components used in Kerberos library, and point to where to look for a specific function.
+All functions are documented in manual pages\&. This section tries to give an overview of the major components used in Kerberos library, and point to where to look for a specific function\&.
.SS "Kerberos context"
-A kerberos context (krb5_context) holds all per thread state. All global variables that are context specific are stored in this structure, including default encryption types, credential cache (for example, a ticket file), and default realms.
+A kerberos context (krb5_context) holds all per thread state\&. All global variables that are context specific are stored in this structure, including default encryption types, credential cache (for example, a ticket file), and default realms\&.
.PP
-The internals of the structure should never be accessed directly, functions exist for extracting information.
+The internals of the structure should never be accessed directly, functions exist for extracting information\&.
.PP
-See the manual page for \fBkrb5_init_context()\fP how to create a context and module \fBHeimdal Kerberos 5 library\fP for more information about the functions.
+See the manual page for \fBkrb5_init_context()\fP how to create a context and module \fBHeimdal Kerberos 5 library\fP for more information about the functions\&.
.SS "Kerberos authentication context"
-Kerberos authentication context (krb5_auth_context) holds all context related to an authenticated connection, in a similar way to the kerberos context that holds the context for the thread or process.
+Kerberos authentication context (krb5_auth_context) holds all context related to an authenticated connection, in a similar way to the kerberos context that holds the context for the thread or process\&.
.PP
-The krb5_auth_context is used by various functions that are directly related to authentication between the server/client. Example of data that this structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum types.
+The krb5_auth_context is used by various functions that are directly related to authentication between the server/client\&. Example of data that this structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum types\&.
.SS "Kerberos principal"
-The Kerberos principal is the structure that identifies a user or service in Kerberos. The structure that holds the principal is the krb5_principal. There are function to extract the realm and elements of the principal, but most applications have no reason to inspect the content of the structure.
+The Kerberos principal is the structure that identifies a user or service in Kerberos\&. The structure that holds the principal is the krb5_principal\&. There are function to extract the realm and elements of the principal, but most applications have no reason to inspect the content of the structure\&.
.PP
-The are several ways to create a principal (with different degree of portability), and one way to free it.
+The are several ways to create a principal (with different degree of portability), and one way to free it\&.
.PP
-See also the page \fBThe principal handing functions.\fP for more information and also module \fBHeimdal Kerberos 5 principal functions\fP.
+See also the page \fBThe principal handing functions\&.\fP for more information and also module \fBHeimdal Kerberos 5 principal functions\fP\&.
.SS "Credential cache"
-A credential cache holds the tickets for a user. A given user can have several credential caches, one for each realm where the user have the initial tickets (the first krbtgt).
+A credential cache holds the tickets for a user\&. A given user can have several credential caches, one for each realm where the user have the initial tickets (the first krbtgt)\&.
.PP
-The credential cache data can be stored internally in different way, each of them for different proposes. File credential (FILE) caches and processes based (KCM) caches are for permanent storage. While memory caches (MEMORY) are local caches to the local process.
+The credential cache data can be stored internally in different way, each of them for different proposes\&. File credential (FILE) caches and processes based (KCM) caches are for permanent storage\&. While memory caches (MEMORY) are local caches to the local process\&.
.PP
-Caches are opened with \fBkrb5_cc_resolve()\fP or created with \fBkrb5_cc_new_unique()\fP.
+Caches are opened with \fBkrb5_cc_resolve()\fP or created with \fBkrb5_cc_new_unique()\fP\&.
.PP
-If the cache needs to be opened again (using \fBkrb5_cc_resolve()\fP) \fBkrb5_cc_close()\fP will close the handle, but not the remove the cache. \fBkrb5_cc_destroy()\fP will zero out the cache, remove the cache so it can no longer be referenced.
+If the cache needs to be opened again (using \fBkrb5_cc_resolve()\fP) \fBkrb5_cc_close()\fP will close the handle, but not the remove the cache\&. \fBkrb5_cc_destroy()\fP will zero out the cache, remove the cache so it can no longer be referenced\&.
.PP
-See also \fBThe credential cache functions\fP and \fBHeimdal Kerberos 5 credential cache functions\fP .
+See also \fBThe credential cache functions\fP and \fBHeimdal Kerberos 5 credential cache functions\fP \&.
.SS "Kerberos errors"
-Kerberos errors are based on the com_err library. All error codes are 32-bit signed numbers, the first 24 bits define what subsystem the error originates from, and last 8 bits are 255 error codes within the library. Each error code have fixed string associated with it. For example, the error-code -1765328383 have the symbolic name KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in database has expired''.
+Kerberos errors are based on the com_err library\&. All error codes are 32-bit signed numbers, the first 24 bits define what subsystem the error originates from, and last 8 bits are 255 error codes within the library\&. Each error code have fixed string associated with it\&. For example, the error-code -1765328383 have the symbolic name KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in database has expired''\&.
.PP
-This is a great improvement compared to just getting one of the unix error-codes back. However, Heimdal have an extention to pass back customised errors messages. Instead of getting ``Key table entry not found'', the user might back ``failed to find host/host.example.com@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab (des-cbc-crc)''. This improves the chance that the user find the cause of the error so you should use the customised error message whenever it's available.
+This is a great improvement compared to just getting one of the unix error-codes back\&. However, Heimdal have an extention to pass back customised errors messages\&. Instead of getting \fCKey table entry not found'', the user might back\fPfailed to find host/host\&.example\&.com@EXAMLE\&.COM(kvno 3) in keytab /etc/krb5\&.keytab (des-cbc-crc)''\&. This improves the chance that the user find the cause of the error so you should use the customised error message whenever it's available\&.
.PP
-See also module \fBHeimdal Kerberos 5 error reporting functions\fP .
+See also module \fBHeimdal Kerberos 5 error reporting functions\fP \&.
.SS "Keytab management"
-A keytab is a storage for locally stored keys. Heimdal includes keytab support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's, and for storing keys in memory.
+A keytab is a storage for locally stored keys\&. Heimdal includes keytab support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's, and for storing keys in memory\&.
.PP
-Keytabs are used for servers and long-running services.
+Keytabs are used for servers and long-running services\&.
.PP
-See also \fBThe keytab handing functions\fP and \fBHeimdal Kerberos 5 keytab handling functions\fP .
+See also \fBThe keytab handing functions\fP and \fBHeimdal Kerberos 5 keytab handling functions\fP \&.
.SS "Kerberos crypto"
-Heimdal includes a implementation of the Kerberos crypto framework, all crypto operations. To create a crypto context call \fBkrb5_crypto_init()\fP.
+Heimdal includes a implementation of the Kerberos crypto framework, all crypto operations\&. To create a crypto context call \fBkrb5_crypto_init()\fP\&.
.PP
-See also module \fBHeimdal Kerberos 5 cryptography functions\fP .
+See also module \fBHeimdal Kerberos 5 cryptography functions\fP \&.
.SH "Walkthrough of a sample Kerberos 5 client"
.PP
-This example contains parts of a sample TCP Kerberos 5 clients, if you want a real working client, please look in appl/test directory in the Heimdal distribution.
+This example contains parts of a sample TCP Kerberos 5 clients, if you want a real working client, please look in appl/test directory in the Heimdal distribution\&.
.PP
-All Kerberos error-codes that are returned from kerberos functions in this program are passed to krb5_err, that will print a descriptive text of the error code and exit. Graphical programs can convert error-code to a human readable error-string with the krb5_get_error_message() function.
+All Kerberos error-codes that are returned from kerberos functions in this program are passed to krb5_err, that will print a descriptive text of the error code and exit\&. Graphical programs can convert error-code to a human readable error-string with the \fBkrb5_get_error_message()\fP function\&.
.PP
-Note that you should not use any Kerberos function before \fBkrb5_init_context()\fP have completed successfully. That is the reason err() is used when \fBkrb5_init_context()\fP fails.
+Note that you should not use any Kerberos function before \fBkrb5_init_context()\fP have completed successfully\&. That is the reason err() is used when \fBkrb5_init_context()\fP fails\&.
.PP
-First the client needs to call krb5_init_context to initialise the Kerberos 5 library. This is only needed once per thread in the program. If the function returns a non-zero value it indicates that either the Kerberos implementation is failing or it's disabled on this host.
+First the client needs to call krb5_init_context to initialise the Kerberos 5 library\&. This is only needed once per thread in the program\&. If the function returns a non-zero value it indicates that either the Kerberos implementation is failing or it's disabled on this host\&.
.PP
.PP
.nf
- #include <krb5.h>
+#include <krb5\&.h>
- int
- main(int argc, char **argv)
- {
- krb5_context context;
+int
+main(int argc, char **argv)
+{
+ krb5_context context;
- if (krb5_init_context(&context))
- errx (1, 'krb5_context');
+ if (krb5_init_context(&context))
+ errx (1, "krb5_context");
.fi
.PP
.PP
-Now the client wants to connect to the host at the other end. The preferred way of doing this is using getaddrinfo (for operating system that have this function implemented), since getaddrinfo is neutral to the address type and can use any protocol that is available.
+Now the client wants to connect to the host at the other end\&. The preferred way of doing this is using getaddrinfo (for operating system that have this function implemented), since getaddrinfo is neutral to the address type and can use any protocol that is available\&.
.PP
.PP
.nf
- struct addrinfo *ai, *a;
- struct addrinfo hints;
- int error;
+struct addrinfo *ai, *a;
+struct addrinfo hints;
+int error;
- memset (&hints, 0, sizeof(hints));
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
+memset (&hints, 0, sizeof(hints));
+hints\&.ai_socktype = SOCK_STREAM;
+hints\&.ai_protocol = IPPROTO_TCP;
- error = getaddrinfo (hostname, 'pop3', &hints, &ai);
- if (error)
- errx (1, '%s: %s', hostname, gai_strerror(error));
+error = getaddrinfo (hostname, "pop3", &hints, &ai);
+if (error)
+ errx (1, "%s: %s", hostname, gai_strerror(error));
- for (a = ai; a != NULL; a = a->ai_next) {
- int s;
+for (a = ai; a != NULL; a = a->ai_next) {
+ int s;
- s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
- if (s < 0)
- continue;
- if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
- warn ('connect(%s)', hostname);
- close (s);
- continue;
- }
- freeaddrinfo (ai);
- ai = NULL;
- }
- if (ai) {
- freeaddrinfo (ai);
- errx ('failed to contact %s', hostname);
- }
+ s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+ if (s < 0)
+ continue;
+ if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+ warn ("connect(%s)", hostname);
+ close (s);
+ continue;
+ }
+ freeaddrinfo (ai);
+ ai = NULL;
+}
+if (ai) {
+ freeaddrinfo (ai);
+ errx ("failed to contact %s", hostname);
+}
.fi
.PP
.PP
-Before authenticating, an authentication context needs to be created. This context keeps all information for one (to be) authenticated connection (see krb5_auth_context).
+Before authenticating, an authentication context needs to be created\&. This context keeps all information for one (to be) authenticated connection (see krb5_auth_context)\&.
.PP
.PP
.nf
- status = krb5_auth_con_init (context, &auth_context);
- if (status)
- krb5_err (context, 1, status, 'krb5_auth_con_init');
+status = krb5_auth_con_init (context, &auth_context);
+if (status)
+ krb5_err (context, 1, status, "krb5_auth_con_init");
.fi
.PP
.PP
-For setting the address in the authentication there is a help function krb5_auth_con_setaddrs_from_fd() that does everything that is needed when given a connected file descriptor to the socket.
+For setting the address in the authentication there is a help function krb5_auth_con_setaddrs_from_fd() that does everything that is needed when given a connected file descriptor to the socket\&.
.PP
.PP
.nf
- status = krb5_auth_con_setaddrs_from_fd (context,
- auth_context,
- &sock);
- if (status)
- krb5_err (context, 1, status,
- 'krb5_auth_con_setaddrs_from_fd');
+status = krb5_auth_con_setaddrs_from_fd (context,
+ auth_context,
+ &sock);
+if (status)
+ krb5_err (context, 1, status,
+ "krb5_auth_con_setaddrs_from_fd");
.fi
.PP
.PP
-The next step is to build a server principal for the service we want to connect to. (See also \fBkrb5_sname_to_principal()\fP.)
+The next step is to build a server principal for the service we want to connect to\&. (See also \fBkrb5_sname_to_principal()\fP\&.)
.PP
.PP
.nf
- status = krb5_sname_to_principal (context,
- hostname,
- service,
- KRB5_NT_SRV_HST,
- &server);
- if (status)
- krb5_err (context, 1, status, 'krb5_sname_to_principal');
+status = krb5_sname_to_principal (context,
+ hostname,
+ service,
+ KRB5_NT_SRV_HST,
+ &server);
+if (status)
+ krb5_err (context, 1, status, "krb5_sname_to_principal");
.fi
.PP
.PP
-The client principal is not passed to krb5_sendauth() function, this causes the krb5_sendauth() function to try to figure it out itself.
+The client principal is not passed to krb5_sendauth() function, this causes the krb5_sendauth() function to try to figure it out itself\&.
.PP
-The server program is using the function krb5_recvauth() to receive the Kerberos 5 authenticator.
+The server program is using the function krb5_recvauth() to receive the Kerberos 5 authenticator\&.
.PP
-In this case, mutual authentication will be tried. That means that the server will authenticate to the client. Using mutual authentication is good since it enables the user to verify that they are talking to the right server (a server that knows the key).
+In this case, mutual authentication will be tried\&. That means that the server will authenticate to the client\&. Using mutual authentication is required to avoid man-in-the-middle attacks, since it enables the user to verify that they are talking to the right server (a server that knows the key)\&.
.PP
-If you are using a non-blocking socket you will need to do all work of krb5_sendauth() yourself. Basically you need to send over the authenticator from krb5_mk_req() and, in case of mutual authentication, verifying the result from the server with krb5_rd_rep().
+If you are using a non-blocking socket you will need to do all work of krb5_sendauth() yourself\&. Basically you need to send over the authenticator from krb5_mk_req() and, in case of mutual authentication, verifying the result from the server with krb5_rd_rep()\&.
.PP
.PP
.nf
- status = krb5_sendauth (context,
- &auth_context,
- &sock,
- VERSION,
- NULL,
- server,
- AP_OPTS_MUTUAL_REQUIRED,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL);
- if (status)
- krb5_err (context, 1, status, 'krb5_sendauth');
+status = krb5_sendauth (context,
+ &auth_context,
+ &sock,
+ VERSION,
+ NULL,
+ server,
+ AP_OPTS_MUTUAL_REQUIRED,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+if (status)
+ krb5_err (context, 1, status, "krb5_sendauth");
.fi
.PP
.PP
-Once authentication has been performed, it is time to send some data. First we create a krb5_data structure, then we sign it with krb5_mk_safe() using the auth_context that contains the session-key that was exchanged in the krb5_sendauth()/krb5_recvauth() authentication sequence.
+Once authentication has been performed, it is time to send some data\&. First we create a krb5_data structure, then we sign it with krb5_mk_safe() using the auth_context that contains the session-key that was exchanged in the krb5_sendauth()/krb5_recvauth() authentication sequence\&.
.PP
.PP
.nf
- data.data = 'hej';
- data.length = 3;
+data\&.data = "hej";
+data\&.length = 3;
- krb5_data_zero (&packet);
+krb5_data_zero (&packet);
- status = krb5_mk_safe (context,
- auth_context,
- &data,
- &packet,
- NULL);
- if (status)
- krb5_err (context, 1, status, 'krb5_mk_safe');
+status = krb5_mk_safe (context,
+ auth_context,
+ &data,
+ &packet,
+ NULL);
+if (status)
+ krb5_err (context, 1, status, "krb5_mk_safe");
.fi
.PP
.PP
-And send it over the network.
+And send it over the network\&.
.PP
.PP
.nf
- len = packet.length;
- net_len = htonl(len);
+len = packet\&.length;
+net_len = htonl(len);
- if (krb5_net_write (context, &sock, &net_len, 4) != 4)
- err (1, 'krb5_net_write');
- if (krb5_net_write (context, &sock, packet.data, len) != len)
- err (1, 'krb5_net_write');
+if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+ err (1, "krb5_net_write");
+if (krb5_net_write (context, &sock, packet\&.data, len) != len)
+ err (1, "krb5_net_write");
.fi
.PP
.PP
-To send encrypted (and signed) data krb5_mk_priv() should be used instead. krb5_mk_priv() works the same way as krb5_mk_safe(), with the exception that it encrypts the data in addition to signing it.
+To send encrypted (and signed) data krb5_mk_priv() should be used instead\&. krb5_mk_priv() works the same way as krb5_mk_safe(), with the exception that it encrypts the data in addition to signing it\&.
.PP
.PP
.nf
- data.data = 'hemligt';
- data.length = 7;
+data\&.data = "hemligt";
+data\&.length = 7;
- krb5_data_free (&packet);
+krb5_data_free (&packet);
- status = krb5_mk_priv (context,
- auth_context,
- &data,
- &packet,
- NULL);
- if (status)
- krb5_err (context, 1, status, 'krb5_mk_priv');
+status = krb5_mk_priv (context,
+ auth_context,
+ &data,
+ &packet,
+ NULL);
+if (status)
+ krb5_err (context, 1, status, "krb5_mk_priv");
.fi
.PP
.PP
-And send it over the network.
+And send it over the network\&.
.PP
.PP
.nf
- len = packet.length;
- net_len = htonl(len);
+len = packet\&.length;
+net_len = htonl(len);
- if (krb5_net_write (context, &sock, &net_len, 4) != 4)
- err (1, 'krb5_net_write');
- if (krb5_net_write (context, &sock, packet.data, len) != len)
- err (1, 'krb5_net_write');
+if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+ err (1, "krb5_net_write");
+if (krb5_net_write (context, &sock, packet\&.data, len) != len)
+ err (1, "krb5_net_write");
.fi
.PP
.PP
-The server is using krb5_rd_safe() and krb5_rd_priv() to verify the signature and decrypt the packet.
+The server is using krb5_rd_safe() and krb5_rd_priv() to verify the signature and decrypt the packet\&.
.SH "Validating a password in an application"
.PP
-See the manual page for krb5_verify_user().
+See the manual page for krb5_verify_user()\&.
.SH "API differences to MIT Kerberos"
.PP
-This section is somewhat disorganised, but so far there is no overall structure to the differences, though some of the have their root in that Heimdal uses an ASN.1 compiler and MIT doesn't.
+This section is somewhat disorganised, but so far there is no overall structure to the differences, though some of the have their root in that Heimdal uses an ASN\&.1 compiler and MIT doesn't\&.
.SS "Principal and realms"
-Heimdal stores the realm as a krb5_realm, that is a char *. MIT Kerberos uses a krb5_data to store a realm.
+Heimdal stores the realm as a krb5_realm, that is a char *\&. MIT Kerberos uses a krb5_data to store a realm\&.
.PP
-In Heimdal krb5_principal doesn't contain the component name_type; it's instead stored in component name.name_type. To get and set the nametype in Heimdal, use \fBkrb5_principal_get_type()\fP and \fBkrb5_principal_set_type()\fP.
+In Heimdal krb5_principal doesn't contain the component name_type; it's instead stored in component name\&.name_type\&. To get and set the nametype in Heimdal, use \fBkrb5_principal_get_type()\fP and \fBkrb5_principal_set_type()\fP\&.
.PP
-For more information about principal and realms, see krb5_principal.
+For more information about principal and realms, see krb5_principal\&.
.SS "Error messages"
-To get the error string, Heimdal uses krb5_get_error_message(). This is to return custom error messages (like ``Can't find host/datan.example.com@CODE.COM in /etc/krb5.conf.'' instead of a ``Key table entry not found'' that error_message returns.
+To get the error string, Heimdal uses \fBkrb5_get_error_message()\fP\&. This is to return custom error messages (like \fCCan't find host/datan\&.example\&.com\\@CODE\&.COM in /etc/krb5\&.conf\&.'' instead of a\fPKey table entry not found'' that error_message returns\&.
.PP
-Heimdal uses a threadsafe(r) version of the com_err interface; the global com_err table isn't initialised. Then error_message returns quite a boring error string (just the error code itself).
+Heimdal uses a threadsafe(r) version of the com_err interface; the global com_err table isn't initialised\&. Then error_message returns quite a boring error string (just the error code itself)\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_is_enctype_weak.3 b/doc/doxyout/krb5/man/man3/krb5_is_enctype_weak.3
new file mode 100644
index 000000000000..ebfd1cbfb9b2
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_is_enctype_weak.3
@@ -0,0 +1 @@
+.so man3/krb5_crypto.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_keytab.3 b/doc/doxyout/krb5/man/man3/krb5_keytab.3
index f0fa23633332..a2cdef1f2d59 100644
--- a/doc/doxyout/krb5/man/man3/krb5_keytab.3
+++ b/doc/doxyout/krb5/man/man3/krb5_keytab.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 keytab handling functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_keytab" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 keytab handling functions \-
+krb5_keytab
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -67,7 +70,7 @@ Heimdal Kerberos 5 keytab handling functions \-
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_remove_entry\fP (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_kt_have_content\fP (krb5_context context, krb5_keytab id)"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_have_content\fP (krb5_context context, krb5_keytab id)"
.br
.in -1c
.SH "Detailed Description"
@@ -76,107 +79,101 @@ Heimdal Kerberos 5 keytab handling functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry)"
-.PP
-Add the entry in `entry' to the keytab `id'.
+Add the entry in `entry' to the keytab `id'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP a keytab.
+\fIid\fP a keytab\&.
.br
\fIentry\fP the entry to add
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close (krb5_context context, krb5_keytab id)"
-.PP
-Finish using the keytab in `id'. All resources will be released, even on errors.
+Finish using the keytab in `id'\&. All resources will be released, even on errors\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP keytab to close.
+\fIid\fP keytab to close\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare (krb5_context context, krb5_keytab_entry * entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype)"
-.PP
-Compare `entry' against `principal, vno, enctype'. Any of `principal, vno, enctype' might be 0 which acts as a wildcard. Return TRUE if they compare the same, FALSE otherwise.
+Compare `entry' against `principal, vno, enctype'\&. Any of `principal, vno, enctype' might be 0 which acts as a wildcard\&. Return TRUE if they compare the same, FALSE otherwise\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIentry\fP an entry to match with.
+\fIentry\fP an entry to match with\&.
.br
-\fIprincipal\fP principal to match, NULL matches all principals.
+\fIprincipal\fP principal to match, NULL matches all principals\&.
.br
-\fIvno\fP key version to match, 0 matches all key version numbers.
+\fIvno\fP key version to match, 0 matches all key version numbers\&.
.br
-\fIenctype\fP encryption type to match, 0 matches all encryption types.
+\fIenctype\fP encryption type to match, 0 matches all encryption types\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return TRUE or match, FALSE if not matched.
+Return TRUE or match, FALSE if not matched\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents (krb5_context context, const krb5_keytab_entry * in, krb5_keytab_entry * out)"
-.PP
-Copy the contents of `in' into `out'.
+Copy the contents of `in' into `out'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIin\fP the keytab entry to copy.
+\fIin\fP the keytab entry to copy\&.
.br
-\fIout\fP the copy of the keytab entry, free with \fBkrb5_kt_free_entry()\fP.
+\fIout\fP the copy of the keytab entry, free with \fBkrb5_kt_free_entry()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default (krb5_context context, krb5_keytab * id)"
-.PP
-Set `id' to the default keytab.
+Set `id' to the default keytab\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP the new default keytab.
+\fIid\fP the new default keytab\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name (krb5_context context, char * name, size_t namesize)"
-.PP
-Copy the name of the default modify keytab into `name'.
+Copy the name of the default modify keytab into `name'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
\fIname\fP buffer where the name will be written
.br
@@ -185,17 +182,16 @@ Copy the name of the default modify keytab into `name'.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name (krb5_context context, char * name, size_t namesize)"
-.PP
-copy the name of the default keytab into `name'.
+copy the name of the default keytab into `name'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
\fIname\fP buffer where the name will be written
.br
@@ -204,135 +200,128 @@ copy the name of the default keytab into `name'.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_destroy (krb5_context context, krb5_keytab id)"
-.PP
-Destroy (remove) the keytab in `id'. All resources will be released, even on errors, does the equvalment of \fBkrb5_kt_close()\fP on the resources.
+Destroy (remove) the keytab in `id'\&. All resources will be released, even on errors, does the equvalment of \fBkrb5_kt_close()\fP on the resources\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP keytab to destroy.
+\fIid\fP keytab to destroy\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor * cursor)"
-.PP
-Release all resources associated with `cursor'.
+Release all resources associated with `cursor'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP a keytab.
+\fIid\fP a keytab\&.
.br
-\fIcursor\fP the cursor to free.
+\fIcursor\fP the cursor to free\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry (krb5_context context, krb5_keytab_entry * entry)"
-.PP
-Free the contents of `entry'.
+Free the contents of `entry'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
\fIentry\fP the entry to free
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry (krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry * entry)"
-.PP
-Retrieve the keytab entry for `principal, kvno, enctype' into `entry' from the keytab `id'. Matching is done like \fBkrb5_kt_compare()\fP.
+Retrieve the keytab entry for `principal, kvno, enctype' into `entry' from the keytab `id'\&. Matching is done like \fBkrb5_kt_compare()\fP\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP a keytab.
+\fIid\fP a keytab\&.
.br
-\fIprincipal\fP principal to match, NULL matches all principals.
+\fIprincipal\fP principal to match, NULL matches all principals\&.
.br
-\fIkvno\fP key version to match, 0 matches all key version numbers.
+\fIkvno\fP key version to match, 0 matches all key version numbers\&.
.br
-\fIenctype\fP encryption type to match, 0 matches all encryption types.
+\fIenctype\fP encryption type to match, 0 matches all encryption types\&.
.br
-\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP.
+\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name (krb5_context context, krb5_keytab keytab, char ** str)"
-.PP
-Retrieve the full name of the keytab `keytab' and store the name in `str'.
+Retrieve the full name of the keytab `keytab' and store the name in `str'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIkeytab\fP keytab to get name for.
+\fIkeytab\fP keytab to get name for\&.
.br
-\fIstr\fP the name of the keytab name, usee krb5_xfree() to free the string. On error, *str is set to NULL.
+\fIstr\fP the name of the keytab name, usee krb5_xfree() to free the string\&. On error, *str is set to NULL\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name (krb5_context context, krb5_keytab keytab, char * name, size_t namesize)"
-.PP
Retrieve the name of the keytab `keytab' into `name', `namesize'
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIkeytab\fP the keytab to get the name for.
+\fIkeytab\fP the keytab to get the name for\&.
.br
-\fIname\fP name buffer.
+\fIname\fP name buffer\&.
.br
-\fInamesize\fP size of name buffer.
+\fInamesize\fP size of name buffer\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type (krb5_context context, krb5_keytab keytab, char * prefix, size_t prefixsize)"
-.PP
-Return the type of the `keytab' in the string `prefix of length `prefixsize'.
+Return the type of the `keytab' in the string \fCprefix of length \fPprefixsize'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
\fIkeytab\fP the keytab to get the prefix for
.br
@@ -343,55 +332,52 @@ Return the type of the `keytab' in the string `prefix of length `prefixsize'.
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_have_content (krb5_context context, krb5_keytab id)"
-.PP
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_have_content (krb5_context context, krb5_keytab id)"
Return true if the keytab exists and have entries
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP a keytab.
+\fIid\fP a keytab\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry, krb5_kt_cursor * cursor)"
-.PP
-Get the next entry from keytab, advance the cursor. On last entry the function will return KRB5_KT_END.
+Get the next entry from keytab, advance the cursor\&. On last entry the function will return KRB5_KT_END\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP a keytab.
+\fIid\fP a keytab\&.
.br
-\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP.
+\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP\&.
.br
-\fIcursor\fP the cursor of the iteration.
+\fIcursor\fP the cursor of the iteration\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key (krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock ** key)"
-.PP
-Read the key identified by `(principal, vno, enctype)' from the keytab in `keyprocarg' (the default if == NULL) into `*key'.
+Read the key identified by `(principal, vno, enctype)' from the keytab in `keyprocarg' (the default if == NULL) into `*key'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
\fIkeyprocarg\fP
.br
@@ -406,81 +392,80 @@ Read the key identified by `(principal, vno, enctype)' from the keytab in `keypr
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register (krb5_context context, const krb5_kt_ops * ops)"
-.PP
-Register a new keytab backend.
+Register a new keytab backend\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIops\fP a backend to register.
+\fIops\fP a backend to register\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry)"
-.PP
-Remove an entry from the keytab, matching is done using \fBkrb5_kt_compare()\fP.
+Remove an entry from the keytab, matching is done using \fBkrb5_kt_compare()\fP\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP a keytab.
+\fIid\fP a keytab\&.
.br
\fIentry\fP the entry to remove
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve (krb5_context context, const char * name, krb5_keytab * id)"
-.PP
-Resolve the keytab name (of the form `type:residual') in `name' into a keytab in `id'.
+Resolve the keytab name (of the form `type:residual') in `name' into a keytab in `id'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
\fIname\fP name to resolve
.br
-\fIid\fP resulting keytab, free with \fBkrb5_kt_close()\fP.
+\fIid\fP resulting keytab, free with \fBkrb5_kt_close()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor * cursor)"
-.PP
-Set `cursor' to point at the beginning of `id'.
+Set `cursor' to point at the beginning of `id'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Keberos context.
+\fIcontext\fP a Keberos context\&.
.br
-\fIid\fP a keytab.
+\fIid\fP a keytab\&.
.br
-\fIcursor\fP a newly allocated cursor, free with \fBkrb5_kt_end_seq_get()\fP.
+\fIcursor\fP a newly allocated cursor, free with \fBkrb5_kt_end_seq_get()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_keytab_intro.3 b/doc/doxyout/krb5/man/man3/krb5_keytab_intro.3
index f66e48176e79..3257b25c08c6 100644
--- a/doc/doxyout/krb5/man/man3/krb5_keytab_intro.3
+++ b/doc/doxyout/krb5/man/man3/krb5_keytab_intro.3
@@ -1,36 +1,37 @@
-.TH "krb5_keytab_intro" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_keytab_intro" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-krb5_keytab_intro \- The keytab handing functions
+krb5_keytab_introThe keytab handing functions
+ \-
.SH "Kerberos Keytabs"
.PP
See the library functions here: \fBHeimdal Kerberos 5 keytab handling functions\fP
.PP
-Keytabs are long term key storage for servers, their equvalment of password files.
+Keytabs are long term key storage for servers, their equvalment of password files\&.
.PP
-Normally the only function that useful for server are to specify what keytab to use to other core functions like krb5_rd_req() \fBkrb5_kt_resolve()\fP, and \fBkrb5_kt_close()\fP.
+Normally the only function that useful for server are to specify what keytab to use to other core functions like krb5_rd_req() \fBkrb5_kt_resolve()\fP, and \fBkrb5_kt_close()\fP\&.
.SS "Keytab names"
-A keytab name is on the form type:residual. The residual part is specific to each keytab-type.
+A keytab name is on the form type:residual\&. The residual part is specific to each keytab-type\&.
.PP
-When a keytab-name is resolved, the type is matched with an internal list of keytab types. If there is no matching keytab type, the default keytab is used. The current default type is FILE.
+When a keytab-name is resolved, the type is matched with an internal list of keytab types\&. If there is no matching keytab type, the default keytab is used\&. The current default type is FILE\&.
.PP
-The default value can be changed in the configuration file /etc/krb5.conf by setting the variable [defaults]default_keytab_name.
+The default value can be changed in the configuration file /etc/krb5\&.conf by setting the variable [defaults]default_keytab_name\&.
.PP
The keytab types that are implemented in Heimdal are:
.IP "\(bu" 2
-file store the keytab in a file, the type's name is FILE . The residual part is a filename. For compatibility with other Kerberos implemtation WRFILE and JAVA14 is also accepted. WRFILE has the same format as FILE. JAVA14 have a format that is compatible with older versions of MIT kerberos and SUN's Java based installation. They store a truncted kvno, so when the knvo excess 255, they are truncted in this format.
-.PP
-.PP
+file store the keytab in a file, the type's name is FILE \&. The residual part is a filename\&. For compatibility with other Kerberos implemtation WRFILE and JAVA14 is also accepted\&. WRFILE has the same format as FILE\&. JAVA14 have a format that is compatible with older versions of MIT kerberos and SUN's Java based installation\&. They store a truncted kvno, so when the knvo excess 255, they are truncted in this format\&.
.IP "\(bu" 2
-keytab store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), the type's name is AFSKEYFILE. The residual part is a filename.
-.PP
-.PP
+keytab store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), the type's name is AFSKEYFILE\&. The residual part is a filename\&.
.IP "\(bu" 2
-memory The keytab is stored in a memory segment. This allows sensitive and/or temporary data not to be stored on disk. The type's name is MEMORY. Each MEMORY keytab is referenced counted by and opened by the residual name, so two handles can point to the same memory area. When the last user closes using \fBkrb5_kt_close()\fP the keytab, the keys in they keytab is memset() to zero and freed and can no longer be looked up by name.
+memory The keytab is stored in a memory segment\&. This allows sensitive and/or temporary data not to be stored on disk\&. The type's name is MEMORY\&. Each MEMORY keytab is referenced counted by and opened by the residual name, so two handles can point to the same memory area\&. When the last user closes using \fBkrb5_kt_close()\fP the keytab, the keys in they keytab is memset() to zero and freed and can no longer be looked up by name\&.
.PP
.SS "Keytab example"
+.PP
+.nf
This is a minimalistic version of ktutil.
+.fi
+.PP
.PP
.PP
.nf
@@ -45,27 +46,27 @@ main (int argc, char **argv)
char *principal;
if (krb5_init_context (&context) != 0)
- errx(1, 'krb5_context');
+ errx(1, "krb5_context");
ret = krb5_kt_default (context, &keytab);
if (ret)
- krb5_err(context, 1, ret, 'krb5_kt_default');
+ krb5_err(context, 1, ret, "krb5_kt_default");
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret)
- krb5_err(context, 1, ret, 'krb5_kt_start_seq_get');
+ krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
- krb5_unparse_name(context, entry.principal, &principal);
- printf('principal: %s\n', principal);
+ krb5_unparse_name(context, entry\&.principal, &principal);
+ printf("principal: %s\n", principal);
free(principal);
krb5_kt_free_entry(context, &entry);
}
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
if (ret)
- krb5_err(context, 1, ret, 'krb5_kt_end_seq_get');
+ krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
ret = krb5_kt_close(context, keytab);
if (ret)
- krb5_err(context, 1, ret, 'krb5_kt_close');
+ krb5_err(context, 1, ret, "krb5_kt_close");
krb5_free_context(context);
return 0;
}
diff --git a/doc/doxyout/krb5/man/man3/krb5_pac.3 b/doc/doxyout/krb5/man/man3/krb5_pac.3
index 85daffca9dab..5e1e70e298ea 100644
--- a/doc/doxyout/krb5/man/man3/krb5_pac.3
+++ b/doc/doxyout/krb5/man/man3/krb5_pac.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 PAC handling functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_pac" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 PAC handling functions \-
+krb5_pac
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -19,48 +22,49 @@ Heimdal Kerberos 5 PAC handling functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer (krb5_context context, krb5_pac p, uint32_t type, krb5_data * data)"
-.PP
-Get the PAC buffer of specific type from the pac.
+Get the PAC buffer of specific type from the pac\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIp\fP the pac structure returned by krb5_pac_parse().
+\fIp\fP the pac structure returned by krb5_pac_parse()\&.
.br
\fItype\fP type of buffer to get
.br
-\fIdata\fP return data, free with \fBkrb5_data_free()\fP.
+\fIdata\fP return data, free with \fBkrb5_data_free()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_verify (krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr)"
-.PP
-Verify the PAC.
+Verify the PAC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIpac\fP the pac structure returned by krb5_pac_parse().
+\fIpac\fP the pac structure returned by krb5_pac_parse()\&.
.br
-\fIauthtime\fP The time of the ticket the PAC belongs to.
+\fIauthtime\fP The time of the ticket the PAC belongs to\&.
.br
-\fIprincipal\fP the principal to verify.
+\fIprincipal\fP the principal to verify\&.
.br
-\fIserver\fP The service key, most always be given.
+\fIserver\fP The service key, most always be given\&.
.br
-\fIprivsvr\fP The KDC key, may be given.
+\fIprivsvr\fP The KDC key, may be given\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_principal.3 b/doc/doxyout/krb5/man/man3/krb5_principal.3
index cba91dd1d9ef..bf81ec0daf8c 100644
--- a/doc/doxyout/krb5/man/man3/krb5_principal.3
+++ b/doc/doxyout/krb5/man/man3/krb5_principal.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 principal functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_principal" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 principal functions \-
+krb5_principal
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -49,10 +52,10 @@ Heimdal Kerberos 5 principal functions \-
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_principal_set_realm\fP (krb5_context context, krb5_principal principal, krb5_const_realm realm)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_build_principal\fP (krb5_context context, krb5_principal *principal, int rlen, krb5_const_realm realm,...)"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_build_principal\fP (krb5_context context, krb5_principal *principal, int rlen, krb5_const_realm realm,\&.\&.\&.)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_principal\fP (krb5_context context, krb5_principal *principal, krb5_const_realm realm,...)"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_principal\fP (krb5_context context, krb5_principal *principal, krb5_const_realm realm,\&.\&.\&.)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_principal\fP (krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)"
@@ -70,27 +73,44 @@ Heimdal Kerberos 5 principal functions \-
.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_match\fP (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sname_to_principal\fP (krb5_context context, const char *hostname, const char *sname, int32_t type, krb5_principal *ret_princ)"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_nametype\fP (krb5_context context, const char *str, int32_t *nametype)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_nametype\fP (krb5_context context, const char *str, int32_t *nametype)"
+.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_null\fP (krb5_context context, krb5_const_principal principal)"
+.br
+.ti -1c
+.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_realm_is_lkdc\fP (const char *realm)"
+.br
+.ti -1c
+.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_lkdc\fP (krb5_context context, krb5_const_principal principal)"
+.br
+.ti -1c
+.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_pku2u\fP (krb5_context context, krb5_const_principal principal)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_is_krbtgt\fP (krb5_context context, krb5_const_principal p)"
.br
+.ti -1c
+.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_gss_hostbased_service\fP (krb5_context context, krb5_const_principal principal)"
+.br
+.ti -1c
+.RI "krb5_boolean KRB5_LIB_FUNCTION \fBkrb5_principal_is_root_krbtgt\fP (krb5_context context, krb5_const_principal p)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sname_to_principal\fP (krb5_context context, const char *hostname, const char *sname, int32_t type, krb5_principal *ret_princ)"
+.br
.in -1c
.SH "Detailed Description"
.PP
.SH "Function Documentation"
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal (krb5_context context, krb5_principal * principal, int rlen, krb5_const_realm realm, ...)"
-.PP
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal (krb5_context context, krb5_principal * principal, int rlen, krb5_const_realm realm, \&.\&.\&.)"
Build a principal using vararg style building
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP returned principal
.br
@@ -98,22 +118,21 @@ Build a principal using vararg style building
.br
\fIrealm\fP realm name
.br
-\fI...\fP a list of components ended with NULL.
+\fI\&.\&.\&.\fP a list of components ended with NULL\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal (krb5_context context, krb5_const_principal inprinc, krb5_principal * outprinc)"
-.PP
Copy a principal
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIinprinc\fP principal to copy
.br
@@ -122,50 +141,47 @@ Copy a principal
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal (krb5_context context, krb5_principal p)"
-.PP
-Frees a Kerberos principal allocated by the library with \fBkrb5_parse_name()\fP, \fBkrb5_make_principal()\fP or any other related principal functions.
+Frees a Kerberos principal allocated by the library with \fBkrb5_parse_name()\fP, \fBkrb5_make_principal()\fP or any other related principal functions\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
-\fIp\fP a principal to free.
+\fIp\fP a principal to free\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal (krb5_context context, krb5_principal * principal, krb5_const_realm realm, ...)"
-.PP
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal (krb5_context context, krb5_principal * principal, krb5_const_realm realm, \&.\&.\&.)"
Build a principal using vararg style building
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP returned principal
.br
\fIrealm\fP realm name
.br
-\fI...\fP a list of components ended with NULL.
+\fI\&.\&.\&.\fP a list of components ended with NULL\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name (krb5_context context, const char * name, krb5_principal * principal)"
-.PP
Parse a name into a krb5_principal structure
.PP
\fBParameters:\fP
@@ -174,18 +190,17 @@ Parse a name into a krb5_principal structure
.br
\fIname\fP name to parse into a Kerberos principal
.br
-\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP.
+\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags (krb5_context context, const char * name, int flags, krb5_principal * principal)"
-.PP
-Parse a name into a krb5_principal structure, flags controls the behavior.
+Parse a name into a krb5_principal structure, flags controls the behavior\&.
.PP
\fBParameters:\fP
.RS 4
@@ -195,21 +210,19 @@ Parse a name into a krb5_principal structure, flags controls the behavior.
.br
\fIflags\fP flags to control the behavior
.br
-\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP.
+\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype (krb5_context context, const char * str, int32_t * nametype)"
-.PP
Parse nametype string and return a nametype integer
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)"
-.PP
-Compares the two principals, including realm of the principals and returns TRUE if they are the same and FALSE if not.
+Compares the two principals, including realm of the principals and returns TRUE if they are the same and FALSE if not\&.
.PP
\fBParameters:\fP
.RS 4
@@ -229,7 +242,6 @@ Compares the two principals, including realm of the principals and returns TRUE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)"
-.PP
Return TRUE iff princ1 == princ2 (without considering the realm)
.PP
\fBParameters:\fP
@@ -255,8 +267,7 @@ non zero if equal, 0 if not
.PP
.SS "KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp (krb5_context context, krb5_const_principal principal)"
-.PP
-Get number of component is principal.
+Get number of component is principal\&.
.PP
\fBParameters:\fP
.RS 4
@@ -272,12 +283,11 @@ number of components in string
.PP
.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm (krb5_context context, krb5_const_principal principal)"
-.PP
Get the realm of the principal
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal to get the realm for
.RE
@@ -289,12 +299,11 @@ realm of the principal, don't free or use after krb5_principal is freed
.PP
.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type (krb5_context context, krb5_const_principal principal)"
-.PP
Get the type of the principal
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal to get the type for
.RE
@@ -305,19 +314,26 @@ the type of principal
.RE
.PP
+.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_gss_hostbased_service (krb5_context context, krb5_const_principal principal)"
+Returns true iff name is an WELLKNOWN:ORG\&.H5L\&.HOSTBASED-SERVICE
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_krbtgt (krb5_context context, krb5_const_principal p)"
-.PP
Check if the cname part of the principal is a krbtgt principal
+.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_lkdc (krb5_context context, krb5_const_principal principal)"
+Returns true if name is Kerberos an LKDC realm
+.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_null (krb5_context context, krb5_const_principal principal)"
+Returns true if name is Kerberos NULL name
+.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_pku2u (krb5_context context, krb5_const_principal principal)"
+Returns true if name is Kerberos an LKDC realm
+.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_principal_is_root_krbtgt (krb5_context context, krb5_const_principal p)"
+Check if the cname part of the principal is a initial or renewed krbtgt principal
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)"
-.PP
return TRUE iff princ matches pattern
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm (krb5_context context, krb5_principal principal, krb5_const_realm realm)"
-.PP
-Set a new realm for a principal, and as a side-effect free the previous realm.
+Set a new realm for a principal, and as a side-effect free the previous realm\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal set the realm for
.br
@@ -326,17 +342,16 @@ Set a new realm for a principal, and as a side-effect free the previous realm.
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type (krb5_context context, krb5_principal principal, int type)"
-.PP
Set the type of the principal
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal to set the type for
.br
@@ -345,12 +360,11 @@ Set the type of the principal
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)"
-.PP
return TRUE iff realm(princ1) == realm(princ2)
.PP
\fBParameters:\fP
@@ -370,31 +384,33 @@ return TRUE iff realm(princ1) == realm(princ2)
.RE
.PP
+.SS "krb5_boolean KRB5_LIB_FUNCTION krb5_realm_is_lkdc (const char * realm)"
+Returns true if name is Kerberos an LKDC realm
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context context, const char * hostname, const char * sname, int32_t type, krb5_principal * ret_princ)"
+Create a principal for the given service running on the given hostname\&. If KRB5_NT_SRV_HST is used, the hostname is canonicalized according the configured name canonicalization rules, with canonicalization delayed in some cases\&. One rule involves DNS, which is insecure unless DNSSEC is used, but we don't use DNSSEC-capable resolver APIs here, so that if DNSSEC is used we wouldn't know it\&.
.PP
-Create a principal for the service running on hostname. If KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or some other service), this is potentially insecure.
+Canonicalization is immediate (not delayed) only when there is only one canonicalization rule and that rule indicates that we should do a host lookup by name (i\&.e\&., DNS)\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIhostname\fP hostname to use
.br
\fIsname\fP Service name to use
.br
-\fItype\fP name type of pricipal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN.
+\fItype\fP name type of principal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN\&.
.br
-\fIret_princ\fP return principal, free with \fBkrb5_free_principal()\fP.
+\fIret_princ\fP return principal, free with \fBkrb5_free_principal()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name (krb5_context context, krb5_const_principal principal, char ** name)"
-.PP
Unparse the Kerberos name into a string
.PP
\fBParameters:\fP
@@ -408,17 +424,16 @@ Unparse the Kerberos name into a string
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed (krb5_context context, krb5_const_principal principal, char * name, size_t len)"
-.PP
Unparse the principal name to a fixed buffer
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal to unparse
.br
@@ -429,17 +444,16 @@ Unparse the principal name to a fixed buffer
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags (krb5_context context, krb5_const_principal principal, int flags, char * name, size_t len)"
-.PP
-Unparse the principal name with unparse flags to a fixed buffer.
+Unparse the principal name with unparse flags to a fixed buffer\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal to unparse
.br
@@ -452,17 +466,16 @@ Unparse the principal name with unparse flags to a fixed buffer.
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short (krb5_context context, krb5_const_principal principal, char * name, size_t len)"
-.PP
-Unparse the principal name to a fixed buffer. The realm is skipped if its a default realm.
+Unparse the principal name to a fixed buffer\&. The realm is skipped if its a default realm\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal to unparse
.br
@@ -473,12 +486,11 @@ Unparse the principal name to a fixed buffer. The realm is skipped if its a defa
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags (krb5_context context, krb5_const_principal principal, int flags, char ** name)"
-.PP
Unparse the Kerberos name into a string
.PP
\fBParameters:\fP
@@ -494,17 +506,16 @@ Unparse the Kerberos name into a string
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short (krb5_context context, krb5_const_principal principal, char ** name)"
-.PP
-Unparse the principal name to a allocated buffer. The realm is skipped if its a default realm.
+Unparse the principal name to a allocated buffer\&. The realm is skipped if its a default realm\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos context.
+\fIcontext\fP A Kerberos context\&.
.br
\fIprincipal\fP principal to unparse
.br
@@ -513,7 +524,10 @@ Unparse the principal name to a allocated buffer. The realm is skipped if its a
.PP
\fBReturns:\fP
.RS 4
-An krb5 error code, see krb5_get_error_message().
+An krb5 error code, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_principal_intro.3 b/doc/doxyout/krb5/man/man3/krb5_principal_intro.3
index 55e1491c4ed9..9e5b49d5ce95 100644
--- a/doc/doxyout/krb5/man/man3/krb5_principal_intro.3
+++ b/doc/doxyout/krb5/man/man3/krb5_principal_intro.3
@@ -1,12 +1,11 @@
-.TH "krb5_principal_intro" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_principal_intro" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-krb5_principal_intro \- The principal handing functions.
-A Kerberos principal is a email address looking string that contains to parts separeted by a @. The later part is the kerbero realm the principal belongs to and the former is a list of 0 or more components. For example
+krb5_principal_introThe principal handing functions\&.
+ \- A Kerberos principal is a email address looking string that contains two parts separated by . The second part is the kerberos realm the principal belongs to and the first is a list of 0 or more components\&. For example
.PP
.nf
-
lha@SU.SE
host/hummel.it.su.se@SU.SE
host/admin@H5L.ORG
diff --git a/doc/doxyout/krb5/man/man3/krb5_principal_is_gss_hostbased_service.3 b/doc/doxyout/krb5/man/man3/krb5_principal_is_gss_hostbased_service.3
new file mode 100644
index 000000000000..86ad45a98b4c
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_principal_is_gss_hostbased_service.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_principal_is_lkdc.3 b/doc/doxyout/krb5/man/man3/krb5_principal_is_lkdc.3
new file mode 100644
index 000000000000..86ad45a98b4c
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_principal_is_lkdc.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_principal_is_null.3 b/doc/doxyout/krb5/man/man3/krb5_principal_is_null.3
new file mode 100644
index 000000000000..86ad45a98b4c
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_principal_is_null.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_principal_is_pku2u.3 b/doc/doxyout/krb5/man/man3/krb5_principal_is_pku2u.3
new file mode 100644
index 000000000000..86ad45a98b4c
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_principal_is_pku2u.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_principal_is_root_krbtgt.3 b/doc/doxyout/krb5/man/man3/krb5_principal_is_root_krbtgt.3
new file mode 100644
index 000000000000..86ad45a98b4c
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_principal_is_root_krbtgt.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_realm_is_lkdc.3 b/doc/doxyout/krb5/man/man3/krb5_realm_is_lkdc.3
new file mode 100644
index 000000000000..86ad45a98b4c
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_realm_is_lkdc.3
@@ -0,0 +1 @@
+.so man3/krb5_principal.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_ret_int64.3 b/doc/doxyout/krb5/man/man3/krb5_ret_int64.3
new file mode 100644
index 000000000000..de414358a467
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_ret_int64.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_ret_uint64.3 b/doc/doxyout/krb5/man/man3/krb5_ret_uint64.3
new file mode 100644
index 000000000000..de414358a467
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_ret_uint64.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_set_warn_dest.3 b/doc/doxyout/krb5/man/man3/krb5_set_warn_dest.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_set_warn_dest.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_storage.3 b/doc/doxyout/krb5/man/man3/krb5_storage.3
index cd11cdf24a7e..e199430eee84 100644
--- a/doc/doxyout/krb5/man/man3/krb5_storage.3
+++ b/doc/doxyout/krb5/man/man3/krb5_storage.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 storage functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_storage" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 storage functions \-
+krb5_storage
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -31,6 +34,9 @@ Heimdal Kerberos 5 storage functions \-
.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_storage_truncate\fP (krb5_storage *sp, off_t offset)"
.br
.ti -1c
+.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_storage_fsync\fP (krb5_storage *sp)"
+.br
+.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL \fBkrb5_storage_read\fP (krb5_storage *sp, void *buf, size_t len)"
.br
.ti -1c
@@ -52,9 +58,21 @@ Heimdal Kerberos 5 storage functions \-
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int32\fP (krb5_storage *sp, int32_t value)"
.br
.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int64\fP (krb5_storage *sp, int64_t value)"
+.br
+.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint32\fP (krb5_storage *sp, uint32_t value)"
.br
.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint64\fP (krb5_storage *sp, uint64_t value)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int64\fP (krb5_storage *sp, int64_t *value)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint64\fP (krb5_storage *sp, uint64_t *value)"
+.br
+.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int32\fP (krb5_storage *sp, int32_t *value)"
.br
.ti -1c
@@ -154,7 +172,7 @@ Heimdal Kerberos 5 storage functions \-
.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_emem\fP (void)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_fd\fP (krb5_socket_t fd_in)"
+.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_fd\fP (int fd_in)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_mem\fP (void *buf, size_t len)"
@@ -165,6 +183,9 @@ Heimdal Kerberos 5 storage functions \-
.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_readonly_mem\fP (const void *buf, size_t len)"
.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_socket\fP (krb5_socket_t sock_in)"
+.br
.in -1c
.SH "Detailed Description"
.PP
@@ -172,8 +193,7 @@ Heimdal Kerberos 5 storage functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address (krb5_storage * sp, krb5_address * adr)"
-.PP
-Read a address block from the storage.
+Read a address block from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -184,13 +204,12 @@ Read a address block from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs (krb5_storage * sp, krb5_addresses * adr)"
-.PP
-Read a addresses block from the storage.
+Read a addresses block from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -201,13 +220,12 @@ Read a addresses block from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata (krb5_storage * sp, krb5_authdata * auth)"
-.PP
-Read a auth data from the storage.
+Read a auth data from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -218,13 +236,12 @@ Read a auth data from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds (krb5_storage * sp, krb5_creds * creds)"
-.PP
-Read a credentials block from the storage.
+Read a credentials block from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -235,13 +252,12 @@ Read a credentials block from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag (krb5_storage * sp, krb5_creds * creds)"
-.PP
-Read a tagged credentials block from the storage.
+Read a tagged credentials block from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -252,13 +268,12 @@ Read a tagged credentials block from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data (krb5_storage * sp, krb5_data * data)"
-.PP
-Parse a data from the storage.
+Parse a data from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -269,13 +284,12 @@ Parse a data from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16 (krb5_storage * sp, int16_t * value)"
-.PP
-Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -286,13 +300,28 @@ Read a int16 from storage, byte order is controlled by the settings on the stora
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32 (krb5_storage * sp, int32_t * value)"
+Read a int32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIsp\fP the storage to write too
+.br
+\fIvalue\fP the value read from the buffer
+.RE
.PP
-Read a int32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+\fBReturns:\fP
+.RS 4
+0 for success, or a Kerberos 5 error code on failure\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int64 (krb5_storage * sp, int64_t * value)"
+Read a int64 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -303,12 +332,11 @@ Read a int32 from storage, byte order is controlled by the settings on the stora
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8 (krb5_storage * sp, int8_t * value)"
-.PP
Read a int8 from storage
.PP
\fBParameters:\fP
@@ -320,13 +348,12 @@ Read a int8 from storage
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock (krb5_storage * sp, krb5_keyblock * p)"
-.PP
-Read a keyblock from the storage.
+Read a keyblock from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -337,13 +364,12 @@ Read a keyblock from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal (krb5_storage * sp, krb5_principal * princ)"
-.PP
-Parse principal from the storage.
+Parse principal from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -354,13 +380,12 @@ Parse principal from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string (krb5_storage * sp, char ** string)"
-.PP
-Parse a string from the storage.
+Parse a string from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -371,13 +396,12 @@ Parse a string from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz (krb5_storage * sp, char ** string)"
-.PP
-Parse zero terminated string from the storage.
+Parse zero terminated string from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -388,13 +412,12 @@ Parse zero terminated string from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times (krb5_storage * sp, krb5_times * times)"
-.PP
-Read a times block from the storage.
+Read a times block from the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -405,13 +428,12 @@ Read a times block from the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16 (krb5_storage * sp, uint16_t * value)"
-.PP
-Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -422,13 +444,28 @@ Read a int16 from storage, byte order is controlled by the settings on the stora
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32 (krb5_storage * sp, uint32_t * value)"
+Read a uint32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIsp\fP the storage to write too
+.br
+\fIvalue\fP the value read from the buffer
+.RE
.PP
-Read a uint32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+\fBReturns:\fP
+.RS 4
+0 for success, or a Kerberos 5 error code on failure\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint64 (krb5_storage * sp, uint64_t * value)"
+Read a uint64 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -439,12 +476,11 @@ Read a uint32 from storage, byte order is controlled by the settings on the stor
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8 (krb5_storage * sp, uint8_t * value)"
-.PP
Read a uint8 from storage
.PP
\fBParameters:\fP
@@ -456,12 +492,11 @@ Read a uint8 from storage
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags (krb5_storage * sp, krb5_flags flags)"
-.PP
Clear the flags on a storage buffer
.PP
\fBParameters:\fP
@@ -473,12 +508,11 @@ Clear the flags on a storage buffer
.PP
.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_emem (void)"
-.PP
-Create a elastic (allocating) memory storage backend. Memory is allocated on demand. Free returned krb5_storage with \fBkrb5_storage_free()\fP.
+Create a elastic (allocating) memory storage backend\&. Memory is allocated on demand\&. Free returned krb5_storage with \fBkrb5_storage_free()\fP\&.
.PP
\fBReturns:\fP
.RS 4
-A krb5_storage on success, or NULL on out of memory error.
+A krb5_storage on success, or NULL on out of memory error\&.
.RE
.PP
\fBSee also:\fP
@@ -490,31 +524,31 @@ A krb5_storage on success, or NULL on out of memory error.
\fBkrb5_storage_from_fd()\fP
.PP
\fBkrb5_storage_from_data()\fP
+.PP
+\fBkrb5_storage_from_socket()\fP
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free (krb5_storage * sp)"
-.PP
-Free a krb5 storage.
+Free a krb5 storage\&.
.PP
\fBParameters:\fP
.RS 4
-\fIsp\fP the storage to free.
+\fIsp\fP the storage to free\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An Kerberos 5 error code.
+An Kerberos 5 error code\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_data (krb5_data * data)"
-.PP
Create a fixed size memory storage block
.PP
\fBReturns:\fP
.RS 4
-A krb5_storage on success, or NULL on out of memory error.
+A krb5_storage on success, or NULL on out of memory error\&.
.RE
.PP
\fBSee also:\fP
@@ -529,11 +563,12 @@ krb5_storage_mem()
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_fd (krb5_socket_t fd_in)"
+.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_fd (int fd_in)"
+
.PP
\fBReturns:\fP
.RS 4
-A krb5_storage on success, or NULL on out of memory error.
+A krb5_storage on success, or NULL on out of memory error\&.
.RE
.PP
\fBSee also:\fP
@@ -545,16 +580,17 @@ A krb5_storage on success, or NULL on out of memory error.
\fBkrb5_storage_from_readonly_mem()\fP
.PP
\fBkrb5_storage_from_data()\fP
+.PP
+\fBkrb5_storage_from_socket()\fP
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_mem (void * buf, size_t len)"
-.PP
Create a fixed size memory storage block
.PP
\fBReturns:\fP
.RS 4
-A krb5_storage on success, or NULL on out of memory error.
+A krb5_storage on success, or NULL on out of memory error\&.
.RE
.PP
\fBSee also:\fP
@@ -566,16 +602,17 @@ krb5_storage_mem()
\fBkrb5_storage_from_data()\fP
.PP
\fBkrb5_storage_from_fd()\fP
+.PP
+\fBkrb5_storage_from_socket()\fP
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_readonly_mem (const void * buf, size_t len)"
-.PP
Create a fixed size memory storage block that is read only
.PP
\fBReturns:\fP
.RS 4
-A krb5_storage on success, or NULL on out of memory error.
+A krb5_storage on success, or NULL on out of memory error\&.
.RE
.PP
\fBSee also:\fP
@@ -590,12 +627,46 @@ krb5_storage_mem()
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder (krb5_storage * sp)"
+.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_socket (krb5_socket_t sock_in)"
+
.PP
-Return the current byteorder for the buffer. See \fBkrb5_storage_set_byteorder()\fP for the list or byte order contants.
-.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code (krb5_storage * sp)"
+\fBReturns:\fP
+.RS 4
+A krb5_storage on success, or NULL on out of memory error\&.
+.RE
.PP
-Get the return code that will be used when end of storage is reached.
+\fBSee also:\fP
+.RS 4
+\fBkrb5_storage_emem()\fP
+.PP
+\fBkrb5_storage_from_mem()\fP
+.PP
+\fBkrb5_storage_from_readonly_mem()\fP
+.PP
+\fBkrb5_storage_from_data()\fP
+.PP
+\fBkrb5_storage_from_fd()\fP
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_fsync (krb5_storage * sp)"
+Sync the storage buffer to its backing store\&. If there is no backing store this function will return success\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIsp\fP the storage buffer to sync
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+A Kerberos 5 error code
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder (krb5_storage * sp)"
+Return the current byteorder for the buffer\&. See \fBkrb5_storage_set_byteorder()\fP for the list or byte order contants\&.
+.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code (krb5_storage * sp)"
+Get the return code that will be used when end of storage is reached\&.
.PP
\fBParameters:\fP
.RS 4
@@ -609,8 +680,7 @@ storage error code
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags (krb5_storage * sp, krb5_flags flags)"
-.PP
-Return true or false depending on if the storage flags is set or not. NB testing for the flag 0 always return true.
+Return true or false depending on if the storage flags is set or not\&. NB testing for the flag 0 always return true\&.
.PP
\fBParameters:\fP
.RS 4
@@ -621,13 +691,12 @@ Return true or false depending on if the storage flags is set or not. NB testing
.PP
\fBReturns:\fP
.RS 4
-true if all the flags are set, false if not.
+true if all the flags are set, false if not\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read (krb5_storage * sp, void * buf, size_t len)"
-.PP
-Read to the storage buffer.
+Read to the storage buffer\&.
.PP
\fBParameters:\fP
.RS 4
@@ -640,21 +709,20 @@ Read to the storage buffer.
.PP
\fBReturns:\fP
.RS 4
-The length of data read (can be shorter then len), or negative on error.
+The length of data read (can be shorter then len), or negative on error\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek (krb5_storage * sp, off_t offset, int whence)"
-.PP
-Seek to a new offset.
+Seek to a new offset\&.
.PP
\fBParameters:\fP
.RS 4
-\fIsp\fP the storage buffer to seek in.
+\fIsp\fP the storage buffer to seek in\&.
.br
\fIoffset\fP the offset to seek
.br
-\fIwhence\fP relateive searching, SEEK_CUR from the current position, SEEK_END from the end, SEEK_SET absolute from the start.
+\fIwhence\fP relateive searching, SEEK_CUR from the current position, SEEK_END from the end, SEEK_SET absolute from the start\&.
.RE
.PP
\fBReturns:\fP
@@ -664,20 +732,18 @@ The new current offset
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder (krb5_storage * sp, krb5_flags byteorder)"
-.PP
-Set the new byte order of the storage buffer.
+Set the new byte order of the storage buffer\&.
.PP
\fBParameters:\fP
.RS 4
-\fIsp\fP the storage buffer to set the byte order for.
+\fIsp\fP the storage buffer to set the byte order for\&.
.br
-\fIbyteorder\fP the new byte order.
+\fIbyteorder\fP the new byte order\&.
.RE
.PP
-The byte order are: KRB5_STORAGE_BYTEORDER_BE, KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST.
+The byte order are: KRB5_STORAGE_BYTEORDER_BE, KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST\&.
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code (krb5_storage * sp, int code)"
-.PP
-Set the return code that will be used when end of storage is reached.
+Set the return code that will be used when end of storage is reached\&.
.PP
\fBParameters:\fP
.RS 4
@@ -688,8 +754,7 @@ Set the return code that will be used when end of storage is reached.
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags (krb5_storage * sp, krb5_flags flags)"
-.PP
-Add the flags on a storage buffer by or-ing in the flags to the buffer.
+Add the flags on a storage buffer by or-ing in the flags to the buffer\&.
.PP
\fBParameters:\fP
.RS 4
@@ -700,7 +765,6 @@ Add the flags on a storage buffer by or-ing in the flags to the buffer.
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_max_alloc (krb5_storage * sp, size_t size)"
-.PP
Set the max alloc value
.PP
\fBParameters:\fP
@@ -712,7 +776,6 @@ Set the max alloc value
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data (krb5_storage * sp, krb5_data * data)"
-.PP
Copy the contnent of storage
.PP
\fBParameters:\fP
@@ -724,30 +787,28 @@ Copy the contnent of storage
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate (krb5_storage * sp, off_t offset)"
-.PP
-Truncate the storage buffer in sp to offset.
+Truncate the storage buffer in sp to offset\&.
.PP
\fBParameters:\fP
.RS 4
-\fIsp\fP the storage buffer to truncate.
+\fIsp\fP the storage buffer to truncate\&.
.br
-\fIoffset\fP the offset to truncate too.
+\fIoffset\fP the offset to truncate too\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-An Kerberos 5 error code.
+An Kerberos 5 error code\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write (krb5_storage * sp, const void * buf, size_t len)"
-.PP
-Write to the storage buffer.
+Write to the storage buffer\&.
.PP
\fBParameters:\fP
.RS 4
@@ -760,115 +821,108 @@ Write to the storage buffer.
.PP
\fBReturns:\fP
.RS 4
-The length of data written (can be shorter then len), or negative on error.
+The length of data written (can be shorter then len), or negative on error\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address (krb5_storage * sp, krb5_address p)"
-.PP
-Write a address block to storage.
+Write a address block to storage\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIp\fP the address block to write.
+\fIp\fP the address block to write\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs (krb5_storage * sp, krb5_addresses p)"
-.PP
-Write a addresses block to storage.
+Write a addresses block to storage\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIp\fP the addresses block to write.
+\fIp\fP the addresses block to write\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata (krb5_storage * sp, krb5_authdata auth)"
-.PP
-Write a auth data block to storage.
+Write a auth data block to storage\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIauth\fP the auth data block to write.
+\fIauth\fP the auth data block to write\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds (krb5_storage * sp, krb5_creds * creds)"
-.PP
-Write a credentials block to storage.
+Write a credentials block to storage\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIcreds\fP the creds block to write.
+\fIcreds\fP the creds block to write\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag (krb5_storage * sp, krb5_creds * creds)"
-.PP
-Write a tagged credentials block to storage.
+Write a tagged credentials block to storage\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIcreds\fP the creds block to write.
+\fIcreds\fP the creds block to write\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data (krb5_storage * sp, krb5_data data)"
-.PP
-Store a data to the storage. The data is stored with an int32 as lenght plus the data (not padded).
+Store a data to the storage\&. The data is stored with an int32 as lenght plus the data (not padded)\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIdata\fP the buffer to store.
+\fIdata\fP the buffer to store\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16 (krb5_storage * sp, int16_t value)"
-.PP
-Store a int16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+Store a int16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -879,13 +933,28 @@ Store a int16 to storage, byte order is controlled by the settings on the storag
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32 (krb5_storage * sp, int32_t value)"
+Store a int32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIsp\fP the storage to write too
+.br
+\fIvalue\fP the value to store
+.RE
.PP
-Store a int32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+\fBReturns:\fP
+.RS 4
+0 for success, or a Kerberos 5 error code on failure\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int64 (krb5_storage * sp, int64_t value)"
+Store a int64 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -896,13 +965,12 @@ Store a int32 to storage, byte order is controlled by the settings on the storag
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8 (krb5_storage * sp, int8_t value)"
-.PP
-Store a int8 to storage.
+Store a int8 to storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -913,13 +981,12 @@ Store a int8 to storage.
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock (krb5_storage * sp, krb5_keyblock p)"
-.PP
-Store a keyblock to the storage.
+Store a keyblock to the storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -930,81 +997,76 @@ Store a keyblock to the storage.
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal (krb5_storage * sp, krb5_const_principal p)"
-.PP
-Write a principal block to storage.
+Write a principal block to storage\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIp\fP the principal block to write.
+\fIp\fP the principal block to write\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string (krb5_storage * sp, const char * s)"
-.PP
-Store a string to the buffer. The data is formated as an len:uint32 plus the string itself (not padded).
+Store a string to the buffer\&. The data is formated as an len:uint32 plus the string itself (not padded)\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIs\fP the string to store.
+\fIs\fP the string to store\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz (krb5_storage * sp, const char * s)"
-.PP
-Store a zero terminated string to the buffer. The data is stored one character at a time until a NUL is stored.
+Store a zero terminated string to the buffer\&. The data is stored one character at a time until a NUL is stored\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fIs\fP the string to store.
+\fIs\fP the string to store\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times (krb5_storage * sp, krb5_times times)"
-.PP
-Write a times block to storage.
+Write a times block to storage\&.
.PP
\fBParameters:\fP
.RS 4
\fIsp\fP the storage buffer to write to
.br
-\fItimes\fP the times block to write.
+\fItimes\fP the times block to write\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-0 on success, a Kerberos 5 error code on failure.
+0 on success, a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16 (krb5_storage * sp, uint16_t value)"
-.PP
-Store a uint16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+Store a uint16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -1015,13 +1077,28 @@ Store a uint16 to storage, byte order is controlled by the settings on the stora
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32 (krb5_storage * sp, uint32_t value)"
+Store a uint32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIsp\fP the storage to write too
+.br
+\fIvalue\fP the value to store
+.RE
.PP
-Store a uint32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP.
+\fBReturns:\fP
+.RS 4
+0 for success, or a Kerberos 5 error code on failure\&.
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint64 (krb5_storage * sp, uint64_t value)"
+Store a uint64 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -1032,13 +1109,12 @@ Store a uint32 to storage, byte order is controlled by the settings on the stora
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8 (krb5_storage * sp, uint8_t value)"
-.PP
-Store a uint8 to storage.
+Store a uint8 to storage\&.
.PP
\fBParameters:\fP
.RS 4
@@ -1049,7 +1125,10 @@ Store a uint8 to storage.
.PP
\fBReturns:\fP
.RS 4
-0 for success, or a Kerberos 5 error code on failure.
+0 for success, or a Kerberos 5 error code on failure\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_storage_from_socket.3 b/doc/doxyout/krb5/man/man3/krb5_storage_from_socket.3
new file mode 100644
index 000000000000..de414358a467
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_storage_from_socket.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_storage_fsync.3 b/doc/doxyout/krb5/man/man3/krb5_storage_fsync.3
new file mode 100644
index 000000000000..de414358a467
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_storage_fsync.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_store_int64.3 b/doc/doxyout/krb5/man/man3/krb5_store_int64.3
new file mode 100644
index 000000000000..de414358a467
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_store_int64.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_store_uint64.3 b/doc/doxyout/krb5/man/man3/krb5_store_uint64.3
new file mode 100644
index 000000000000..de414358a467
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_store_uint64.3
@@ -0,0 +1 @@
+.so man3/krb5_storage.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_support.3 b/doc/doxyout/krb5/man/man3/krb5_support.3
index bfb6c917b937..64264d9666a6 100644
--- a/doc/doxyout/krb5/man/man3/krb5_support.3
+++ b/doc/doxyout/krb5/man/man3/krb5_support.3
@@ -1,16 +1,38 @@
-.TH "Heimdal Kerberos 5 support functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_support" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 support functions \-
+krb5_support
+.SH SYNOPSIS
+.br
+.PP
+.SS "Data Structures"
+
+.in +1c
+.ti -1c
+.RI "struct \fBkrb5plugin_an2ln_ftable_desc\fP"
+.br
+.RI "Description of the krb5_aname_to_lname(3) plugin facility\&. "
+.ti -1c
+.RI "struct \fBkrb5plugin_db_ftable_desc\fP"
+.br
+.RI "Description of the krb5 DB plugin facility\&. "
+.ti -1c
+.RI "struct \fBkrb5plugin_kuserok_ftable_desc\fP"
+.br
+.RI "Description of the krb5_kuserok(3) plugin facility\&. "
+.in -1c
.SS "Functions"
.in +1c
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_string\fP (krb5_context context, const char *string, const char *format,...)"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_string\fP (krb5_context context, const char *string, const char *format,\&.\&.\&.)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_file\fP (krb5_context context, const char *file, const char *format,...)"
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_file\fP (krb5_context context, const char *file, const char *format,\&.\&.\&.)"
+.br
+.ti -1c
+.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_aname_to_localname\fP (krb5_context context, krb5_const_principal aname, size_t lnsize, char *lname)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_parse_file_multi\fP (krb5_context context, const char *fname, krb5_config_section **res)"
@@ -19,13 +41,13 @@ Heimdal Kerberos 5 support functions \-
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_file_free\fP (krb5_context context, krb5_config_section *s)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_get_list\fP (krb5_context context, const krb5_config_section *c,...)"
+.RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_get_list\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_vget_list\fP (krb5_context context, const krb5_config_section *c, va_list args)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string\fP (krb5_context context, const krb5_config_section *c,...)"
+.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string\fP (krb5_context context, const krb5_config_section *c, va_list args)"
@@ -34,13 +56,13 @@ Heimdal Kerberos 5 support functions \-
.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value, va_list args)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value,...)"
+.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value,\&.\&.\&.)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_vget_strings\fP (krb5_context context, const krb5_config_section *c, va_list args)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_get_strings\fP (krb5_context context, const krb5_config_section *c,...)"
+.RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_get_strings\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_config_free_strings\fP (char **strings)"
@@ -52,10 +74,10 @@ Heimdal Kerberos 5 support functions \-
.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_vget_bool\fP (krb5_context context, const krb5_config_section *c, va_list args)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value,...)"
+.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value,\&.\&.\&.)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool\fP (krb5_context context, const krb5_config_section *c,...)"
+.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value, va_list args)"
@@ -64,10 +86,10 @@ Heimdal Kerberos 5 support functions \-
.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time\fP (krb5_context context, const krb5_config_section *c, va_list args)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value,...)"
+.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value,\&.\&.\&.)"
.br
.ti -1c
-.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time\fP (krb5_context context, const krb5_config_section *c,...)"
+.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time\fP (krb5_context context, const krb5_config_section *c,\&.\&.\&.)"
.br
.ti -1c
.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_expand_hostname\fP (krb5_context context, const char *orig_hostname, char **new_hostname)"
@@ -90,24 +112,23 @@ Heimdal Kerberos 5 support functions \-
.SH "Function Documentation"
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file (krb5_context context, const char * file, const char * format, ...)"
-.PP
-krb5_acl_match_file matches ACL format against each line in a file using \fBkrb5_acl_match_string()\fP. Lines starting with # are treated like comments and ignored.
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file (krb5_context context, const char * file, const char * format, \&.\&.\&.)"
+krb5_acl_match_file matches ACL format against each line in a file using \fBkrb5_acl_match_string()\fP\&. Lines starting with # are treated like comments and ignored\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIfile\fP file with acl listed in the file.
+\fIfile\fP file with acl listed in the file\&.
.br
-\fIformat\fP format to match.
+\fIformat\fP format to match\&.
.br
-\fI...\fP parameter to format string.
+\fI\&.\&.\&.\fP parameter to format string\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
\fBSee also:\fP
@@ -116,19 +137,18 @@ Return an error code or 0.
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string (krb5_context context, const char * string, const char * format, ...)"
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string (krb5_context context, const char * string, const char * format, \&.\&.\&.)"
+krb5_acl_match_string matches ACL format against a string\&.
.PP
-krb5_acl_match_string matches ACL format against a string.
-.PP
-The ACL format has three format specifiers: s, f, and r. Each specifier will retrieve one argument from the variable arguments for either matching or storing data. The input string is split up using ' ' (space) and '\\t' (tab) as a delimiter; multiple and '\\t' in a row are considered to be the same.
+The ACL format has three format specifiers: s, f, and r\&. Each specifier will retrieve one argument from the variable arguments for either matching or storing data\&. The input string is split up using ' ' (space) and '\\t' (tab) as a delimiter; multiple and '\\t' in a row are considered to be the same\&.
.PP
List of format specifiers:
.IP "\(bu" 2
-s Matches a string using strcmp(3) (case sensitive).
+s Matches a string using strcmp(3) (case sensitive)\&.
.IP "\(bu" 2
-f Matches the string with fnmatch(3). Theflags argument (the last argument) passed to the fnmatch function is 0.
+f Matches the string with fnmatch(3)\&. Theflags argument (the last argument) passed to the fnmatch function is 0\&.
.IP "\(bu" 2
-r Returns a copy of the string in the char ** passed in; the copy must be freed with free(3). There is no need to free(3) the string on error: the function will clean up and set the pointer to NULL.
+r Returns a copy of the string in the char ** passed in; the copy must be freed with free(3)\&. There is no need to free(3) the string on error: the function will clean up and set the pointer to NULL\&.
.PP
.PP
\fBParameters:\fP
@@ -139,29 +159,29 @@ r Returns a copy of the string in the char ** passed in; the copy must be freed
.br
\fIformat\fP format to match
.br
-\fI...\fP parameter to format string
+\fI\&.\&.\&.\fP parameter to format string
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0.
+Return an error code or 0\&.
.RE
.PP
.PP
.nf
- char *s;
+char *s;
- ret = krb5_acl_match_string(context, 'foo', 's', 'foo');
- if (ret)
- krb5_errx(context, 1, 'acl didn't match');
- ret = krb5_acl_match_string(context, 'foo foo baz/kaka',
- 'ss', 'foo', &s, 'foo/\\*');
- if (ret) {
- // no need to free(s) on error
- assert(s == NULL);
- krb5_errx(context, 1, 'acl didn't match');
- }
- free(s);
+ret = krb5_acl_match_string(context, "foo", "s", "foo");
+if (ret)
+ krb5_errx(context, 1, "acl didn't match");
+ret = krb5_acl_match_string(context, "foo foo baz/kaka",
+ "ss", "foo", &s, "foo/\\*");
+if (ret) {
+ // no need to free(s) on error
+ assert(s == NULL);
+ krb5_errx(context, 1, "acl didn't match");
+}
+free(s);
.fi
.PP
.PP
@@ -171,9 +191,27 @@ Return an error code or 0.
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section * s)"
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_aname_to_localname (krb5_context context, krb5_const_principal aname, size_t lnsize, char * lname)"
+Map a principal name to a local username\&.
+.PP
+Returns 0 on success, KRB5_NO_LOCALNAME if no mapping was found, or some Kerberos or system error\&.
+.PP
+Inputs:
.PP
-Free configuration file section, the result of krb5_config_parse_file() and \fBkrb5_config_parse_file_multi()\fP.
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A krb5_context
+.br
+\fIaname\fP A principal name
+.br
+\fIlnsize\fP The size of the buffer into which the username will be written
+.br
+\fIlname\fP The buffer into which the username will be written
+.RE
+.PP
+
+.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section * s)"
+Free configuration file section, the result of krb5_config_parse_file() and \fBkrb5_config_parse_file_multi()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -184,13 +222,12 @@ Free configuration file section, the result of krb5_config_parse_file() and \fBk
.PP
\fBReturns:\fP
.RS 4
-returns 0 on successes, otherwise an error code, see krb5_get_error_message()
+returns 0 on successes, otherwise an error code, see \fBkrb5_get_error_message()\fP
.RE
.PP
.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings (char ** strings)"
-.PP
-Free the resulting strings from krb5_config-get_strings() and \fBkrb5_config_vget_strings()\fP.
+Free the resulting strings from krb5_config-get_strings() and \fBkrb5_config_vget_strings()\fP\&.
.PP
\fBParameters:\fP
.RS 4
@@ -198,19 +235,18 @@ Free the resulting strings from krb5_config-get_strings() and \fBkrb5_config_vge
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section * c, ...)"
-.PP
-Like \fBkrb5_config_get_bool()\fP but with a va_list list of configuration selection.
+.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section * c, \&.\&.\&.)"
+Like \fBkrb5_config_get_bool()\fP but with a va_list list of configuration selection\&.
.PP
-Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
+Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -219,19 +255,18 @@ TRUE or FALSE
.RE
.PP
-.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, ...)"
-.PP
-\fBkrb5_config_get_bool_default()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
+.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, \&.\&.\&.)"
+\fBkrb5_config_get_bool_default()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fIdef_value\fP the default value to return if no configuration found in the database.
+\fIdef_value\fP the default value to return if no configuration found in the database\&.
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -240,17 +275,16 @@ TRUE or FALSE
.RE
.PP
-.SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section * c, ...)"
-.PP
+.SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section * c, \&.\&.\&.)"
Get a list of configuration binding list for more processing
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -259,17 +293,16 @@ NULL if configuration list is not found, a list otherwise
.RE
.PP
-.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section * c, ...)"
-.PP
-Returns a 'const char *' to a string in the configuration database. The string may not be valid after a reload of the configuration database so a caller should make a local copy if it needs to keep the string.
+.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section * c, \&.\&.\&.)"
+Returns a 'const char *' to a string in the configuration database\&. The string may not be valid after a reload of the configuration database so a caller should make a local copy if it needs to keep the string\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -278,19 +311,18 @@ NULL if configuration string not found, a string otherwise
.RE
.PP
-.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, ...)"
-.PP
-Like \fBkrb5_config_get_string()\fP, but instead of returning NULL, instead return a default value.
+.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, \&.\&.\&.)"
+Like \fBkrb5_config_get_string()\fP, but instead of returning NULL, instead return a default value\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fIdef_value\fP the default value to return if no configuration found in the database.
+\fIdef_value\fP the default value to return if no configuration found in the database\&.
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -299,17 +331,16 @@ a configuration string
.RE
.PP
-.SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings (krb5_context context, const krb5_config_section * c, ...)"
-.PP
-Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP.
+.SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings (krb5_context context, const krb5_config_section * c, \&.\&.\&.)"
+Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -318,17 +349,16 @@ TRUE or FALSE
.RE
.PP
-.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section * c, ...)"
-.PP
+.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section * c, \&.\&.\&.)"
Get the time from the configuration file using a relative time, for example: 1h30s
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -337,19 +367,18 @@ parsed the time or -1 on error
.RE
.PP
-.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section * c, int def_value, ...)"
-.PP
+.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section * c, int def_value, \&.\&.\&.)"
Get the time from the configuration file using a relative time, for example: 1h30s
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fIdef_value\fP the default value to return if no configuration found in the database.
+\fIdef_value\fP the default value to return if no configuration found in the database\&.
.br
-\fI...\fP a list of names, terminated with NULL.
+\fI\&.\&.\&.\fP a list of names, terminated with NULL\&.
.RE
.PP
\fBReturns:\fP
@@ -359,33 +388,29 @@ parsed the time (or def_value on parse error)
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char * fname, krb5_config_section ** res)"
-.PP
-Parse a configuration file and add the result into res. This interface can be used to parse several configuration files into one resulting krb5_config_section by calling it repeatably.
+Parse a configuration file and add the result into res\&. This interface can be used to parse several configuration files into one resulting krb5_config_section by calling it repeatably\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP a Kerberos 5 context.
+\fIcontext\fP a Kerberos 5 context\&.
.br
\fIfname\fP a file name to a Kerberos configuration file
.br
-\fIres\fP the returned result, must be free with \fBkrb5_free_config_files()\fP.
+\fIres\fP the returned result, must be free with \fBkrb5_free_config_files()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
-
-.PP
-If the fname starts with '~/' parse configuration file in the current users home directory. The behavior can be disabled and enabled by calling \fBkrb5_set_home_dir_access()\fP.
+If the fname starts with '~/' parse configuration file in the current users home directory\&. The behavior can be disabled and enabled by calling \fBkrb5_set_home_dir_access()\fP\&.
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context context, const krb5_config_section * c, va_list args)"
-.PP
-\fBkrb5_config_get_bool()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
+\fBkrb5_config_get_bool()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
@@ -399,18 +424,17 @@ TRUE or FALSE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, va_list args)"
+Like \fBkrb5_config_get_bool_default()\fP but with a va_list list of configuration selection\&.
.PP
-Like \fBkrb5_config_get_bool_default()\fP but with a va_list list of configuration selection.
-.PP
-Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.
+Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fIdef_value\fP the default value to return if no configuration found in the database.
+\fIdef_value\fP the default value to return if no configuration found in the database\&.
.br
\fIargs\fP a va_list of arguments
.RE
@@ -422,12 +446,11 @@ TRUE or FALSE
.PP
.SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_vget_list (krb5_context context, const krb5_config_section * c, va_list args)"
-.PP
Get a list of configuration binding list for more processing
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
@@ -441,12 +464,11 @@ NULL if configuration list is not found, a list otherwise
.PP
.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context context, const krb5_config_section * c, va_list args)"
-.PP
-Like \fBkrb5_config_get_string()\fP, but uses a va_list instead of ...
+Like \fBkrb5_config_get_string()\fP, but uses a va_list instead of \&.\&.\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
@@ -460,16 +482,15 @@ NULL if configuration string not found, a string otherwise
.PP
.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, va_list args)"
-.PP
-Like \fBkrb5_config_vget_string()\fP, but instead of returning NULL, instead return a default value.
+Like \fBkrb5_config_vget_string()\fP, but instead of returning NULL, instead return a default value\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fIdef_value\fP the default value to return if no configuration found in the database.
+\fIdef_value\fP the default value to return if no configuration found in the database\&.
.br
\fIargs\fP a va_list of arguments
.RE
@@ -481,12 +502,11 @@ a configuration string
.PP
.SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_vget_strings (krb5_context context, const krb5_config_section * c, va_list args)"
-.PP
-Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP.
+Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
@@ -500,12 +520,11 @@ TRUE or FALSE
.PP
.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time (krb5_context context, const krb5_config_section * c, va_list args)"
-.PP
Get the time from the configuration file using a relative time, for example: 1h30s
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
@@ -519,18 +538,17 @@ parsed the time or -1 on error
.PP
.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section * c, int def_value, va_list args)"
+Get the time from the configuration file using a relative time\&.
.PP
-Get the time from the configuration file using a relative time.
-.PP
-Like \fBkrb5_config_get_time_default()\fP but with a va_list list of configuration selection.
+Like \fBkrb5_config_get_time_default()\fP but with a va_list list of configuration selection\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIc\fP a configuration section, or NULL to use the section from context
.br
-\fIdef_value\fP the default value to return if no configuration found in the database.
+\fIdef_value\fP the default value to return if no configuration found in the database\&.
.br
\fIargs\fP a va_list of arguments
.RE
@@ -542,79 +560,75 @@ parsed the time (or def_value on parse error)
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context context, const char * orig_hostname, char ** new_hostname)"
-.PP
-\fBkrb5_expand_hostname()\fP tries to make orig_hostname into a more canonical one in the newly allocated space returned in new_hostname.
+\fBkrb5_expand_hostname()\fP tries to make orig_hostname into a more canonical one in the newly allocated space returned in new_hostname\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP a Keberos context
.br
-\fIorig_hostname\fP hostname to canonicalise.
+\fIorig_hostname\fP hostname to canonicalise\&.
.br
-\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree().
+\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree()\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context context, const char * orig_hostname, char ** new_hostname, char *** realms)"
-.PP
-\fBkrb5_expand_hostname_realms()\fP expands orig_hostname to a name we believe to be a hostname in newly allocated space in new_hostname and return the realms new_hostname is believed to belong to in realms.
+\fBkrb5_expand_hostname_realms()\fP expands orig_hostname to a name we believe to be a hostname in newly allocated space in new_hostname and return the realms new_hostname is believed to belong to in realms\&.
.PP
\fBParameters:\fP
.RS 4
\fIcontext\fP a Keberos context
.br
-\fIorig_hostname\fP hostname to canonicalise.
+\fIorig_hostname\fP hostname to canonicalise\&.
.br
-\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree().
+\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree()\&.
.br
-\fIrealms\fP output possible realms, is an array that is terminated with NULL. Caller must free with \fBkrb5_free_host_realm()\fP.
+\fIrealms\fP output possible realms, is an array that is terminated with NULL\&. Caller must free with \fBkrb5_free_host_realm()\fP\&.
.RE
.PP
\fBReturns:\fP
.RS 4
-Return an error code or 0, see krb5_get_error_message().
+Return an error code or 0, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm (krb5_context context, krb5_realm * realmlist)"
-.PP
Free all memory allocated by `realmlist'
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP A Kerberos 5 context.
+\fIcontext\fP A Kerberos 5 context\&.
.br
\fIrealmlist\fP realmlist to free, NULL is ok
.RE
.PP
\fBReturns:\fP
.RS 4
-a Kerberos error code, always 0.
+a Kerberos error code, always 0\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok (krb5_context context, krb5_principal principal, const char * luser)"
+This function takes the name of a local user and checks if principal is allowed to log in as that user\&.
.PP
-This function takes the name of a local user and checks if principal is allowed to log in as that user.
+The user may have a ~/\&.k5login file listing principals that are allowed to login as that user\&. If that file does not exist, all principals with a only one component that is identical to the username, and a realm considered local, are allowed access\&.
.PP
-The user may have a ~/.k5login file listing principals that are allowed to login as that user. If that file does not exist, all principals with a first component identical to the username, and a realm considered local, are allowed access.
+The \&.k5login file must contain one principal per line, be owned by user and not be writable by group or other (but must be readable by anyone)\&.
.PP
-The .k5login file must contain one principal per line, be owned by user and not be writable by group or other (but must be readable by anyone).
+Note that if the file exists, no implicit access rights are given to user@LOCALREALM\&.
.PP
-Note that if the file exists, no implicit access rights are given to user@LOCALREALM.
+Optionally, a set of files may be put in ~/\&.k5login\&.d (a directory), in which case they will all be checked in the same manner as \&.k5login\&. The files may be called anything, but files starting with a hash (#) , or ending with a tilde (~) are ignored\&. Subdirectories are not traversed\&. Note that this directory may not be checked by other Kerberos implementations\&.
.PP
-Optionally, a set of files may be put in ~/.k5login.d (a directory), in which case they will all be checked in the same manner as .k5login. The files may be called anything, but files starting with a hash (#) , or ending with a tilde (~) are ignored. Subdirectories are not traversed. Note that this directory may not be checked by other Kerberos implementations.
-.PP
-If no configuration file exists, match user against local domains, ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES.
+If no configuration file exists, match user against local domains, ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIprincipal\fP principal to check if allowed to login
.br
@@ -623,13 +637,12 @@ If no configuration file exists, match user against local domains, ie luser@LOCA
.PP
\fBReturns:\fP
.RS 4
-returns TRUE if access should be granted, FALSE otherwise.
+returns TRUE if access should be granted, FALSE otherwise\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register (krb5_context context, enum krb5_plugin_type type, const char * name, void * symbol)"
-.PP
-Register a plugin symbol name of specific type.
+Register a plugin symbol name of specific type\&.
.PP
\fBParameters:\fP
.RS 4
@@ -644,7 +657,10 @@ Register a plugin symbol name of specific type.
.PP
\fBReturns:\fP
.RS 4
-In case of error a non zero error com_err error is returned and the Kerberos error string is set.
+In case of error a non zero error com_err error is returned and the Kerberos error string is set\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_ticket.3 b/doc/doxyout/krb5/man/man3/krb5_ticket.3
index 0b2ee9d01e2e..363170b7cfb0 100644
--- a/doc/doxyout/krb5/man/man3/krb5_ticket.3
+++ b/doc/doxyout/krb5/man/man3/krb5_ticket.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 5 ticket functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_ticket" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 5 ticket functions \-
+krb5_ticket
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -16,7 +19,6 @@ Heimdal Kerberos 5 ticket functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_ticket_get_flags (krb5_context context, const krb5_ticket * ticket)"
-.PP
Get the flags from the Kerberos ticket
.PP
\fBParameters:\fP
@@ -32,3 +34,6 @@ ticket flags
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_v4compat.3 b/doc/doxyout/krb5/man/man3/krb5_v4compat.3
index ccc17a641a5a..bd6e8f710a37 100644
--- a/doc/doxyout/krb5/man/man3/krb5_v4compat.3
+++ b/doc/doxyout/krb5/man/man3/krb5_v4compat.3
@@ -1,8 +1,11 @@
-.TH "Heimdal Kerberos 4 compatiblity functions" 3 "11 Jan 2012" "Version 1.5.2" "HeimdalKerberos5library" \" -*- nroff -*-
+.TH "krb5_v4compat" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
.ad l
.nh
.SH NAME
-Heimdal Kerberos 4 compatiblity functions \-
+krb5_v4compat
+.SH SYNOPSIS
+.br
+.PP
.SS "Functions"
.in +1c
@@ -19,12 +22,11 @@ Heimdal Kerberos 4 compatiblity functions \-
.SH "Function Documentation"
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc (krb5_context context, krb5_creds * in_cred, struct credentials * v4creds)"
-.PP
-Convert the v5 credentials in in_cred to v4-dito in v4creds. This is done by sending them to the 524 function in the KDC. If `in_cred' doesn't contain a DES session key, then a new one is gotten from the KDC and stored in the cred cache `ccache'.
+Convert the v5 credentials in in_cred to v4-dito in v4creds\&. This is done by sending them to the 524 function in the KDC\&. If `in_cred' doesn't contain a DES session key, then a new one is gotten from the KDC and stored in the cred cache `ccache'\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
\fIin_cred\fP the credential to convert
.br
@@ -33,19 +35,18 @@ Convert the v5 credentials in in_cred to v4-dito in v4creds. This is done by sen
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache (krb5_context context, krb5_ccache ccache, krb5_creds * in_cred, struct credentials * v4creds)"
-.PP
-Convert the v5 credentials in in_cred to v4-dito in v4creds, check the credential cache ccache before checking with the KDC.
+Convert the v5 credentials in in_cred to v4-dito in v4creds, check the credential cache ccache before checking with the KDC\&.
.PP
\fBParameters:\fP
.RS 4
-\fIcontext\fP Kerberos 5 context.
+\fIcontext\fP Kerberos 5 context\&.
.br
-\fIccache\fP credential cache used to check for des-ticket.
+\fIccache\fP credential cache used to check for des-ticket\&.
.br
\fIin_cred\fP the credential to convert
.br
@@ -54,7 +55,10 @@ Convert the v5 credentials in in_cred to v4-dito in v4creds, check the credentia
.PP
\fBReturns:\fP
.RS 4
-Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+Returns 0 to indicate success\&. Otherwise an kerberos et error code is returned, see \fBkrb5_get_error_message()\fP\&.
.RE
.PP
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5_vabort.3 b/doc/doxyout/krb5/man/man3/krb5_vabort.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_vabort.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_verr.3 b/doc/doxyout/krb5/man/man3/krb5_verr.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_verr.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_verrx.3 b/doc/doxyout/krb5/man/man3/krb5_verrx.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_verrx.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_vprepend_error_message.3 b/doc/doxyout/krb5/man/man3/krb5_vprepend_error_message.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_vprepend_error_message.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_vset_error_message.3 b/doc/doxyout/krb5/man/man3/krb5_vset_error_message.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_vset_error_message.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_vwarnx.3 b/doc/doxyout/krb5/man/man3/krb5_vwarnx.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_vwarnx.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_warn.3 b/doc/doxyout/krb5/man/man3/krb5_warn.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_warn.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5_warnx.3 b/doc/doxyout/krb5/man/man3/krb5_warnx.3
new file mode 100644
index 000000000000..f721fda2cd4b
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5_warnx.3
@@ -0,0 +1 @@
+.so man3/krb5_error.3
diff --git a/doc/doxyout/krb5/man/man3/krb5plugin_an2ln_ftable_desc.3 b/doc/doxyout/krb5/man/man3/krb5plugin_an2ln_ftable_desc.3
new file mode 100644
index 000000000000..e5928cc1662f
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5plugin_an2ln_ftable_desc.3
@@ -0,0 +1,52 @@
+.TH "krb5plugin_an2ln_ftable_desc" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+krb5plugin_an2ln_ftable_desc \- Description of the krb5_aname_to_lname(3) plugin facility\&.
+
+.SH SYNOPSIS
+.br
+.PP
+.PP
+\fC#include <an2ln_plugin\&.h>\fP
+.SH "Detailed Description"
+.PP
+Description of the krb5_aname_to_lname(3) plugin facility\&.
+
+The krb5_aname_to_lname(3) function is pluggable\&. The plugin is named KRB5_PLUGIN_AN2LN ('an2ln'), with a single minor version, KRB5_PLUGIN_AN2LN_VERSION_0 (0)\&.
+.PP
+The plugin for krb5_aname_to_lname(3) consists of a data symbol referencing a structure of type krb5plugin_an2ln_ftable, with four fields:
+.PP
+\fBParameters:\fP
+.RS 4
+\fIinit\fP Plugin initialization function (see krb5-plugin(7))
+.br
+\fIminor_version\fP The plugin minor version number (0)
+.br
+\fIfini\fP Plugin finalization function
+.br
+\fIan2ln\fP Plugin aname_to_lname function
+.RE
+.PP
+The an2ln field is the plugin entry point that performs the traditional aname_to_lname operation however the plugin desires\&. It is invoked in no particular order relative to other an2ln plugins, but it has a 'rule' argument that indicates which plugin is intended to act on the rule\&. The plugin an2ln function must return KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it\&.
+.PP
+The plugin an2ln function has the following arguments, in this order:
+.PP
+.IP "1." 4
+plug_ctx, the context value output by the plugin's init function
+.IP "2." 4
+context, a krb5_context
+.IP "3." 4
+rule, the aname_to_lname rule being evaluated (from krb5\&.conf(5))
+.IP "4." 4
+aname, the krb5_principal to be mapped to an lname
+.IP "5." 4
+set_res_f, a function the plugin must call to set its result
+.IP "6." 4
+set_res_ctx, the first argument to set_res_f (the second is the result lname string)
+.PP
+
+
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5plugin_db_ftable_desc.3 b/doc/doxyout/krb5/man/man3/krb5plugin_db_ftable_desc.3
new file mode 100644
index 000000000000..7c516d9f2166
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5plugin_db_ftable_desc.3
@@ -0,0 +1,33 @@
+.TH "krb5plugin_db_ftable_desc" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+krb5plugin_db_ftable_desc \- Description of the krb5 DB plugin facility\&.
+
+.SH SYNOPSIS
+.br
+.PP
+.PP
+\fC#include <db_plugin\&.h>\fP
+.SH "Detailed Description"
+.PP
+Description of the krb5 DB plugin facility\&.
+
+The krb5_aname_to_lname(3) function's DB rule is pluggable\&. The plugin is named KRB5_PLUGIN_DB ('krb5_db_plug'), with a single minor version, KRB5_PLUGIN_DB_VERSION_0 (0)\&.
+.PP
+The plugin consists of a data symbol referencing a structure of type \fBkrb5plugin_db_ftable_desc\fP, with three fields:
+.PP
+\fBParameters:\fP
+.RS 4
+\fIinit\fP Plugin initialization function (see krb5-plugin(7))
+.br
+\fIminor_version\fP The plugin minor version number (0)
+.br
+\fIfini\fP Plugin finalization function
+.RE
+.PP
+The init entry point is expected to call heim_db_register()\&. The fini entry point is expected to do nothing\&.
+
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.
diff --git a/doc/doxyout/krb5/man/man3/krb5plugin_kuserok_ftable_desc.3 b/doc/doxyout/krb5/man/man3/krb5plugin_kuserok_ftable_desc.3
new file mode 100644
index 000000000000..ffa6e650ab57
--- /dev/null
+++ b/doc/doxyout/krb5/man/man3/krb5plugin_kuserok_ftable_desc.3
@@ -0,0 +1,56 @@
+.TH "krb5plugin_kuserok_ftable_desc" 3 "Fri Dec 8 2017" "Version 7.5.0" "HeimdalKerberos5library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+krb5plugin_kuserok_ftable_desc \- Description of the krb5_kuserok(3) plugin facility\&.
+
+.SH SYNOPSIS
+.br
+.PP
+.PP
+\fC#include <kuserok_plugin\&.h>\fP
+.SH "Detailed Description"
+.PP
+Description of the krb5_kuserok(3) plugin facility\&.
+
+The krb5_kuserok(3) function is pluggable\&. The plugin is named KRB5_PLUGIN_KUSEROK ('krb5_plugin_kuserok'), with a single minor version, KRB5_PLUGIN_KUSEROK_VERSION_0 (0)\&.
+.PP
+The plugin for krb5_kuserok(3) consists of a data symbol referencing a structure of type krb5plugin_kuserok_ftable, with four fields:
+.PP
+\fBParameters:\fP
+.RS 4
+\fIinit\fP Plugin initialization function (see krb5-plugin(7))
+.br
+\fIminor_version\fP The plugin minor version number (0)
+.br
+\fIfini\fP Plugin finalization function
+.br
+\fIkuserok\fP Plugin kuserok function
+.RE
+.PP
+The kuserok field is the plugin entry point that performs the traditional kuserok operation however the plugin desires\&. It is invoked in no particular order relative to other kuserok plugins, but it has a 'rule' argument that indicates which plugin is intended to act on the rule\&. The plugin kuserok function must return KRB5_PLUGIN_NO_HANDLE if the rule is not applicable to it\&.
+.PP
+The plugin kuserok function has the following arguments, in this order:
+.PP
+.IP "1." 4
+plug_ctx, the context value output by the plugin's init function
+.IP "2." 4
+context, a krb5_context
+.IP "3." 4
+rule, the kuserok rule being evaluated (from krb5\&.conf(5))
+.IP "4." 4
+flags
+.IP "5." 4
+k5login_dir, configured location of k5login per-user files if any
+.IP "6." 4
+luser, name of the local user account to which principal is attempting to access\&.
+.IP "7." 4
+principal, the krb5_principal trying to access the luser account
+.IP "8." 4
+result, a krb5_boolean pointer where the plugin will output its result
+.PP
+
+
+.SH "Author"
+.PP
+Generated automatically by Doxygen for HeimdalKerberos5library from the source code\&.