Diffstat (limited to 'server/wallet-backend.8')
-rw-r--r-- server/wallet-backend.8 74
1 files changed, 42 insertions, 32 deletions
diff --git a/server/wallet-backend.8 b/server/wallet-backend.8
index 980455f..b1c57d0 100644
--- a/server/wallet-backend.8
+++ b/server/wallet-backend.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
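Review bot: Generated output is being committed alongside real documentation changes; the header line moving from Pod::Man 2.25 to 2.27 shows wallet-backend.8 is regenerated, so most of the later hunks are formatter churn that hides the content edits. Suggest reviewing the POD source for the substantive changes and putting the regeneration in its own commit, or noting in the commit message which hunks are generator-only.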
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET-BACKEND 8"
-.TH WALLET-BACKEND 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-BACKEND 8 "2014-07-16" "1.1" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,8 +174,8 @@ Most commands are only available to wallet administrators (users on the
\&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,
\&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by
anyone. All of the rest of those commands have their own ACLs except
-\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which
-uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
+\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which
+uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
depending on whether one is setting or retrieving the comment. If the
appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.
Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
@@ -175,7 +184,7 @@ by the owner \s-1ACL\s0 of the object.
.PP
Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR
and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by
-either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0.
+either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL.\s0
.PP
If the locked flag is set on an object, no commands can be run on that
object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR
@@ -195,7 +204,7 @@ Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists. If it does,
.IP "acl create <name>" 4
.IX Item "acl create <name>"
Create a new, empty \s-1ACL\s0 with name <name>. When setting an \s-1ACL\s0 on an
-object with a set of entries that don't match an existing \s-1ACL\s0, first
+object with a set of entries that don't match an existing \s-1ACL,\s0 first
create a new \s-1ACL\s0 with \f(CW\*(C`acl create\*(C'\fR, add the appropriate entries to it
with \f(CW\*(C`acl add\*(C'\fR, and then set the \s-1ACL\s0 on an object with the \f(CW\*(C`owner\*(C'\fR or
\&\f(CW\*(C`setacl\*(C'\fR commands.
@@ -206,7 +215,7 @@ or the \s-1ACL\s0 destruction will fail. The special \s-1ACL\s0 named \f(CW\*(C
be destroyed.
.IP "acl history <id>" 4
.IX Item "acl history <id>"
-Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL\s0 (not
+Display the history of the \s-1ACL\s0 <id>. Each change to the \s-1ACL \s0(not
including changes to the name of the \s-1ACL\s0) will be represented by two
lines. The first line will have a timestamp of the change followed by a
description of the change, and the second line will give the user who made
@@ -215,13 +224,13 @@ the change and the host from which the change was made.
.IX Item "acl remove <id> <scheme> <identifier>"
Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>. <id>
may be either the name of an \s-1ACL\s0 or its numeric identifier. The last
-entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
+entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
accidental lockout, but administrators can remove themselves from the
-\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL\s0. Use
-caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use
+caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
.IP "acl show <id>" 4
.IX Item "acl show <id>"
-Display the name, numeric \s-1ID\s0, and entries of the \s-1ACL\s0 <id>.
+Display the name, numeric \s-1ID,\s0 and entries of the \s-1ACL\s0 <id>.
.IP "autocreate <type> <name>" 4
.IX Item "autocreate <type> <name>"
Create a new object of type <type> with name <name>. The user must be
@@ -257,9 +266,10 @@ identified by <type> and <name>, or \f(CW\*(C`No expiration set\*(C'\fR if none
The expiration will be displayed in seconds since epoch.
.Sp
If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>. <date> must be in the format
-\&\f(CW\*(C`YYYY\-MM\-DD\*(C'\fR and <time> in the format \f(CW\*(C`HH:MM:SS\*(C'\fR. If <date> is the
-empty string, clears the expiration of the object.
+and <name> to <date> and (if given) <time>. <date> and <time> must be in
+some format that can be parsed by the Perl Date::Parse module. Most
+common formats are supported; if in doubt, use \f(CW\*(C`YYYY\-MM\-DD HH:MM:SS\*(C'\fR. If
+<date> is the empty string, clears the expiration of the object.
.Sp
Currently, the expiration of an object is not used.
.IP "flag clear <type> <name> <flag>" 4
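Review bot: The new wording for <date> and <time> ("some format that can be parsed by the Perl Date::Parse module") no longer pins down how input is interpreted, and it does not say which time zone is assumed when none is given, how ambiguous numeric dates are read, or what the command does when parsing fails. The value is displayed in seconds since epoch, so a misread date is hard to spot afterwards. The context notes expiration is not currently used, but it is an access-relevant attribute once it is; suggest documenting the time zone assumption and the failure behaviour here, and keeping YYYY-MM-DD HH:MM:SS as the stated canonical form rather than only the "if in doubt" fallback.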
@@ -284,7 +294,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\*
\&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>.
Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object. Remember that
if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls
-back to checking the owner \s-1ACL\s0. See the \f(CW\*(C`owner\*(C'\fR command for displaying
+back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying
or setting it.
.IP "getattr <type> <name> <attr>" 4
.IX Item "getattr <type> <name> <attr>"
@@ -305,7 +315,7 @@ the action and the host from which they performed it.
.IX Item "owner <type> <name> [<owner>]"
If <owner> is not given, displays the current owner \s-1ACL\s0 of the object
identified by <type> and <name>, or \f(CW\*(C`No owner set\*(C'\fR if none is set. The
-result will be the name of an \s-1ACL\s0.
+result will be the name of an \s-1ACL.\s0
.Sp
If <owner> is given, sets the owner of the object identified by <type> and
<name> to <owner>. If <owner> is the empty string, clears the owner of
@@ -361,7 +371,7 @@ the \s-1KDC\s0 for that Kerberos principal and therefore may contain different
enctypes than those requested by this attribute.
.SH "AUTHOR"
.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
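Review bot: The copyright line in the trailing context still ends at 2013, while this patch changes the author address and the .TH line earlier in the patch is dated 2014-07-16. Confirm in the POD source whether a 2014 copyright entry is needed; since this file is generated, the change belongs in the source rather than here.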
@@ -377,13 +387,13 @@ Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
.PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIWallet::Server\fR\|(3), \fIremctld\fR\|(8)