Imported Upstream version 1.1

author: Russ Allbery <eagle@eyrie.org> 2014-07-16 13:43:17 -0700
committer: Russ Allbery <eagle@eyrie.org> 2014-07-16 13:43:17 -0700
commit: 6409733ee3b7b1910dc1c166a392cc628834146c (patch)
tree: e9460f8f2ca0f3676afeed2a9dcf549acfc39b53 /server
parent: 334ed844cbb5c8f7ea82a94c701a3016dd6950b9 (diff)
parent: f8963ceb19cd2b503b981f43a3f8c0f45649989f (diff)
8 files changed, 143 insertions, 102 deletions
diff --git a/server/keytab-backend b/server/keytab-backend
index b0116c7..bd5a3f9 100755
--- a/server/keytab-backend
+++ b/server/keytab-backend
@@ -21,6 +21,7 @@
 ##############################################################################
 
 use strict;
+use warnings;
 
 use Sys::Syslog qw(openlog syslog);
 
@@ -153,6 +154,7 @@ __END__
 =for stopwords
 keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld
 auth Allbery rekeying MERCHANTABILITY NONINFRINGEMENT sublicense
+kadmin.local.
 
 =head1 NAME
 
@@ -211,7 +213,7 @@ standard output.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/keytab-backend.8 b/server/keytab-backend.8
index 4808d29..8eb4c3d 100644
--- a/server/keytab-backend.8
+++ b/server/keytab-backend.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "KEYTAB-BACKEND 8"
-.TH KEYTAB-BACKEND 8 "2013-03-27" "1.0" "wallet"
+.TH KEYTAB-BACKEND 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -176,7 +185,7 @@ then delete the temporary file after the results have been sent to
 standard output.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland
@@ -192,13 +201,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIkadmin.local\fR\|(8), \fIremctld\fR\|(8)
diff --git a/server/wallet-admin b/server/wallet-admin
index 02982dc..7ba1021 100755
--- a/server/wallet-admin
+++ b/server/wallet-admin
@@ -141,7 +141,7 @@ much as possible.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/wallet-admin.8 b/server/wallet-admin.8
index b03dbcc..64226f7 100644
--- a/server/wallet-admin.8
+++ b/server/wallet-admin.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-ADMIN 8"
-.TH WALLET-ADMIN 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-ADMIN 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,12 +168,12 @@ user intends to do this.
 .IX Item "initialize <principal>"
 Given an empty database, initializes it for use with the wallet server by
 creating the necessary tables and initial metadata.  Also creates an \s-1ACL\s0
-with the name \s-1ADMIN\s0, used for administrative privileges to the wallet
+with the name \s-1ADMIN,\s0 used for administrative privileges to the wallet
 system, and adds an \s-1ACL\s0 entry to it with a scheme of \f(CW\*(C`krb5\*(C'\fR and an
 instance of <principal>.  This bootstraps the authentication system and
-allows that user to make further changes to the \s-1ADMIN\s0 \s-1ACL\s0 and the rest of
+allows that user to make further changes to the \s-1ADMIN ACL\s0 and the rest of
 the wallet database.  \f(CW\*(C`initialize\*(C'\fR uses \f(CW\*(C`localhost\*(C'\fR as the hostname and
-<principal> as the user when logging the history of the \s-1ADMIN\s0 \s-1ACL\s0 creation
+<principal> as the user when logging the history of the \s-1ADMIN ACL\s0 creation
 and for any subsequent actions required to initialize the database.
 .Sp
 Before running \f(CW\*(C`initialize\*(C'\fR, the wallet system has to be configured.  See
@@ -188,7 +197,7 @@ Upgrades the database to the latest schema version, preserving data as
 much as possible.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland
@@ -204,13 +213,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIWallet::Admin\fR\|(3), \fIWallet::Config\fR\|(3), \fIwallet\-backend\fR\|(8)
diff --git a/server/wallet-backend b/server/wallet-backend
index 3c87709..a2e6e6f 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -7,6 +7,7 @@
 ##############################################################################
 
 use strict;
+use warnings;
 
 use Getopt::Long qw(GetOptions);
 use Sys::Syslog qw(openlog syslog);
@@ -215,7 +216,7 @@ sub command {
         check_args (2, 2, [], @args);
         $server->destroy (@args) or failure ($server->error, @_);
     } elsif ($command eq 'expires') {
-        check_args (2, 4, [], @args);
+        check_args (2, 3, [], @args);
         if (@args > 2) {
             $server->expires (@args) or failure ($server->error, @_);
         } else {
@@ -489,9 +490,10 @@ identified by <type> and <name>, or C<No expiration set> if none is set.
 The expiration will be displayed in seconds since epoch.
 
 If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>.  <date> must be in the format
-C<YYYY-MM-DD> and <time> in the format C<HH:MM:SS>.  If <date> is the
-empty string, clears the expiration of the object.
+and <name> to <date> and (if given) <time>.  <date> and <time> must be in
+some format that can be parsed by the Perl Date::Parse module.  Most
+common formats are supported; if in doubt, use C<YYYY-MM-DD HH:MM:SS>.  If
+<date> is the empty string, clears the expiration of the object.
 
 Currently, the expiration of an object is not used.
 
@@ -614,7 +616,7 @@ enctypes than those requested by this attribute.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/wallet-backend.8 b/server/wallet-backend.8
index 980455f..b1c57d0 100644
--- a/server/wallet-backend.8
+++ b/server/wallet-backend.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-BACKEND 8"
-.TH WALLET-BACKEND 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-BACKEND 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,8 +174,8 @@ Most commands are only available to wallet administrators (users on the
 \&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,
 \&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR.  \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by
 anyone.  All of the rest of those commands have their own ACLs except
-\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which
-uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
+\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which
+uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
 depending on whether one is setting or retrieving the comment.  If the
 appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.
 Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
@@ -175,7 +184,7 @@ by the owner \s-1ACL\s0 of the object.
 .PP
 Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR
 and \f(CW\*(C`store\*(C'\fR.  For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by
-either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0.
+either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL.\s0
 .PP
 If the locked flag is set on an object, no commands can be run on that
 object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR
@@ -195,7 +204,7 @@ Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists.  If it does,
 .IP "acl create <name>" 4
 .IX Item "acl create <name>"
 Create a new, empty \s-1ACL\s0 with name <name>.  When setting an \s-1ACL\s0 on an
-object with a set of entries that don't match an existing \s-1ACL\s0, first
+object with a set of entries that don't match an existing \s-1ACL,\s0 first
 create a new \s-1ACL\s0 with \f(CW\*(C`acl create\*(C'\fR, add the appropriate entries to it
 with \f(CW\*(C`acl add\*(C'\fR, and then set the \s-1ACL\s0 on an object with the \f(CW\*(C`owner\*(C'\fR or
 \&\f(CW\*(C`setacl\*(C'\fR commands.
@@ -206,7 +215,7 @@ or the \s-1ACL\s0 destruction will fail.  The special \s-1ACL\s0 named \f(CW\*(C
 be destroyed.
 .IP "acl history <id>" 4
 .IX Item "acl history <id>"
-Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL\s0 (not
+Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL \s0(not
 including changes to the name of the \s-1ACL\s0) will be represented by two
 lines.  The first line will have a timestamp of the change followed by a
 description of the change, and the second line will give the user who made
@@ -215,13 +224,13 @@ the change and the host from which the change was made.
 .IX Item "acl remove <id> <scheme> <identifier>"
 Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>.  <id>
 may be either the name of an \s-1ACL\s0 or its numeric identifier.  The last
-entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
+entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
 accidental lockout, but administrators can remove themselves from the
-\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL\s0.  Use
-caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use
+caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
 .IP "acl show <id>" 4
 .IX Item "acl show <id>"
-Display the name, numeric \s-1ID\s0, and entries of the \s-1ACL\s0 <id>.
+Display the name, numeric \s-1ID,\s0 and entries of the \s-1ACL\s0 <id>.
 .IP "autocreate <type> <name>" 4
 .IX Item "autocreate <type> <name>"
 Create a new object of type <type> with name <name>.  The user must be
@@ -257,9 +266,10 @@ identified by <type> and <name>, or \f(CW\*(C`No expiration set\*(C'\fR if none
 The expiration will be displayed in seconds since epoch.
 .Sp
 If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>.  <date> must be in the format
-\&\f(CW\*(C`YYYY\-MM\-DD\*(C'\fR and <time> in the format \f(CW\*(C`HH:MM:SS\*(C'\fR.  If <date> is the
-empty string, clears the expiration of the object.
+and <name> to <date> and (if given) <time>.  <date> and <time> must be in
+some format that can be parsed by the Perl Date::Parse module.  Most
+common formats are supported; if in doubt, use \f(CW\*(C`YYYY\-MM\-DD HH:MM:SS\*(C'\fR.  If
+<date> is the empty string, clears the expiration of the object.
 .Sp
 Currently, the expiration of an object is not used.
 .IP "flag clear <type> <name> <flag>" 4
@@ -284,7 +294,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\*
 \&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>.
 Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object.  Remember that
 if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls
-back to checking the owner \s-1ACL\s0.  See the \f(CW\*(C`owner\*(C'\fR command for displaying
+back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying
 or setting it.
 .IP "getattr <type> <name> <attr>" 4
 .IX Item "getattr <type> <name> <attr>"
@@ -305,7 +315,7 @@ the action and the host from which they performed it.
 .IX Item "owner <type> <name> [<owner>]"
 If <owner> is not given, displays the current owner \s-1ACL\s0 of the object
 identified by <type> and <name>, or \f(CW\*(C`No owner set\*(C'\fR if none is set.  The
-result will be the name of an \s-1ACL\s0.
+result will be the name of an \s-1ACL.\s0
 .Sp
 If <owner> is given, sets the owner of the object identified by <type> and
 <name> to <owner>.  If <owner> is the empty string, clears the owner of
@@ -361,7 +371,7 @@ the \s-1KDC\s0 for that Kerberos principal and therefore may contain different
 enctypes than those requested by this attribute.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
@@ -377,13 +387,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIWallet::Server\fR\|(3), \fIremctld\fR\|(8)
diff --git a/server/wallet-report b/server/wallet-report
index 87755b8..b5a2247 100755
--- a/server/wallet-report
+++ b/server/wallet-report
@@ -277,7 +277,7 @@ with duplicates suppressed.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/wallet-report.8 b/server/wallet-report.8
index 003bafb..f0ab9fd 100644
--- a/server/wallet-report.8
+++ b/server/wallet-report.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-REPORT 8"
-.TH WALLET-REPORT 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-REPORT 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,9 +176,9 @@ report, ACLs will be listed in the form:
 \&    <name> (ACL ID: <id>)
 .Ve
 .Sp
-where <name> is the human-readable name and <id> is the numeric \s-1ID\s0.  The
+where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The
 numeric \s-1ID\s0 is what's used internally by the wallet system.  There will be
-one line per \s-1ACL\s0.
+one line per \s-1ACL.\s0
 .Sp
 For the \f(CW\*(C`duplicate\*(C'\fR report, the output will instead be one duplicate set
 per line.  This will be a set of ACLs that all have the same entries.
@@ -221,9 +230,9 @@ and ACLs in the form:
 \&    <name> (ACL ID: <id>)
 .Ve
 .Sp
-where <name> is the human-readable name and <id> is the numeric \s-1ID\s0.  The
+where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The
 numeric \s-1ID\s0 is what's used internally by the wallet system.  There will be
-one line per object or \s-1ACL\s0.
+one line per object or \s-1ACL.\s0
 .IP "help" 4
 .IX Item "help"
 Displays a summary of all available commands.
@@ -266,7 +275,7 @@ those where that \s-1ACL\s0 has any other, more limited permissions.
 Returns all objects which have the given flag set.
 .IP "objects owner <acl>" 4
 .IX Item "objects owner <acl>"
-Returns all objects owned by the given \s-1ACL\s0 name or \s-1ID\s0.
+Returns all objects owned by the given \s-1ACL\s0 name or \s-1ID.\s0
 .IP "objects type <type>" 4
 .IX Item "objects type <type>"
 Returns all objects of the given type.
@@ -293,7 +302,7 @@ The output will be one line per \s-1ACL\s0 line in the form:
 with duplicates suppressed.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2008, 2009, 2010, 2013 The Board of Trustees of the Leland
@@ -309,13 +318,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIWallet::Config\fR\|(3), \fIWallet::Report\fR\|(3), \fIwallet\-backend\fR\|(8)
author	Russ Allbery <eagle@eyrie.org>	2014-07-16 13:43:17 -0700
committer	Russ Allbery <eagle@eyrie.org>	2014-07-16 13:43:17 -0700
commit	6409733ee3b7b1910dc1c166a392cc628834146c (patch)
tree	e9460f8f2ca0f3676afeed2a9dcf549acfc39b53 /server
parent	334ed844cbb5c8f7ea82a94c701a3016dd6950b9 (diff)
parent	f8963ceb19cd2b503b981f43a3f8c0f45649989f (diff)