Diffstat (limited to 'perl/Wallet/Kadmin/MIT.pm')
-rw-r--r--perl/Wallet/Kadmin/MIT.pm76
1 files changed, 16 insertions, 60 deletions
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm
index 9dc101e..1ab8b1d 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/Wallet/Kadmin/MIT.pm
@@ -1,4 +1,4 @@
-# Wallet::Kadmin::MIT -- MIT Kadmin interactions for the wallet.
+# Wallet::Kadmin::MIT -- Wallet Kerberos administration API for MIT.
#
# Written by Russ Allbery <rra@stanford.edu>
# Pulled into a module by Jon Robertson <jonrober@stanford.edu>
@@ -28,16 +28,6 @@ use Wallet::Kadmin ();
$VERSION = '0.02';
##############################################################################
-# Utility functions
-##############################################################################
-
-# Set a callback to be called for forked kadmin processes.
-sub fork_callback {
- my ($self, $callback) = @_;
- $self->{fork_callback} = $callback;
-}
-
-##############################################################################
# kadmin Interaction
##############################################################################
@@ -99,6 +89,12 @@ sub kadmin {
# Public interfaces
##############################################################################
+# Set a callback to be called for forked kadmin processes.
+sub fork_callback {
+ my ($self, $callback) = @_;
+ $self->{fork_callback} = $callback;
+}
+
# Check whether a given principal already exists in Kerberos. Returns true if
# so, false otherwise. Returns undef if kadmin fails, with the error already
# set by kadmin.
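Review bot: fork_callback, now placed under the public interfaces, stores its argument without checking that it is a code reference. The comment says the callback is called for forked kadmin processes, so a wrong value would presumably only fail in the child after the fork, where the error is harder to surface; the call site is outside this hunk. A guard before the assignment would catch it at the caller, for example `die "fork_callback requires a code reference\n" if defined ($callback) && ref ($callback) ne 'CODE';`. The sub also returns the stored callback implicitly, so an explicit `return;` would make the setter's contract clear. The comment could also state at what point in the child the callback runs and what it is meant for, since that decides whether callers can rely on it for cleanup such as closing inherited handles.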
@@ -196,10 +192,6 @@ sub delprinc {
return 1;
}
-##############################################################################
-# Documentation
-##############################################################################
-
# Create a new MIT kadmin object. Very empty for the moment, but later it
# will probably fill out if we go to using a module rather than calling
# kadmin directly.
@@ -218,15 +210,15 @@ __END__
##############################################################################
=for stopwords
-keytabs keytab kadmin enctype enctypes API ENCTYPES Allbery
+keytabs keytab kadmin KDC API Allbery
=head1 NAME
-Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs
+Wallet::Kadmin::MIT - Wallet Kerberos administration API for MIT
=head1 SYNOPSIS
- my $kadmin = Wallet::Kadmin::MIT->new ();
+ my $kadmin = Wallet::Kadmin::MIT->new;
$kadmin->addprinc ("host/shell.example.com");
$kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
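Review bot: The SYNOPSIS call `$kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");` passes the enctype as the second argument, while the method documentation removed later in this commit gives the signature as `ktadd(PRINCIPAL, FILE, ENCTYPES)`. If that signature is still current in Wallet::Kadmin(3), which is not visible here, the example would treat the enctype string as the keytab file path. Now that this POD is the only local usage example, it would be worth correcting it to something like `$kadmin->ktadd ("host/shell.example.com", $file, "aes256-cts-hmac-sha1-96");`.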
@@ -234,52 +226,15 @@ Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs
=head1 DESCRIPTION
-Wallet::Kadmin::MIT is an interface for keytab integration with the
-wallet, specifically for using kadmin to create, delete, and add enctypes
-to keytabs. It implements the wallet kadmin API and provides the
-necessary glue to MIT Kerberos installs for each of these functions, while
-allowing the wallet to keep the details of what type of Kerberos
-installation is being used abstracted.
-
-A keytab is an on-disk store for the key or keys for a Kerberos principal.
-Keytabs are used by services to verify incoming authentication from
-clients or by automated processes that need to authenticate to Kerberos.
-To create a keytab, the principal has to be created in Kerberos and then a
-keytab is generated and stored in a file on disk.
+Wallet::Kadmin::MIT implements the Wallet::Kadmin API for MIT Kerberos,
+providing an interface to create and delete principals and create keytabs.
+It provides the API documented in Wallet::Kadmin(3) for an MIT Kerberos
+KDC.
To use this object, several configuration parameters must be set. See
Wallet::Config(3) for details on those configuration parameters and
information about how to set wallet configuration.
-=head1 METHODS
-
-=over 4
-
-=item addprinc(PRINCIPAL)
-
-Adds a new principal with a given name. The principal is created with a
-random password, and any other flags set by Wallet::Config. Returns true
-on success, or throws an error if there was a failure in adding the
-principal. If the principal already exists, return true as we are
-bringing our expectations in line with reality.
-
-=item delprinc(PRINCIPAL)
-
-Removes a principal with the given name. Returns true on success, or
-throws an error if there was a failure in removing the principal. If the
-principal does not exist, return true as we are bringing our expectations
-in line with reality.
-
-=item ktadd(PRINCIPAL, FILE, ENCTYPES)
-
-Creates a new keytab for the given principal, as the given file, limited
-to the enctypes supplied. The enctype values must be enctype strings
-recognized by Kerberos (strings like C<aes256-cts-hmac-sha1-96> or
-C<des-cbc-crc>). An error is thrown on failure or if the creation fails,
-otherwise true is returned.
-
-=back
-
=head1 LIMITATIONS
Currently, this implementation calls an external B<kadmin> program rather
@@ -289,7 +244,8 @@ output of B<kadmin> ever changes.
=head1 SEE ALSO
-kadmin(8), Wallet::Config(3), Wallet::Object::Keytab(3), wallet-backend(8)
+kadmin(8), Wallet::Config(3), Wallet::Kadmin(3),
+Wallet::Object::Keytab(3), wallet-backend(8)
This module is part of the wallet system. The current version is
available from L<http://www.eyrie.org/~eagle/software/wallet/>.