krb5 commit [krb5-1.12]: Remove indent workaround in man page RST sources
Tom Yu
tlyu at MIT.EDU
Mon Jul 21 18:44:35 EDT 2014
https://github.com/krb5/krb5/commit/1ac533f132539513916aafccd0e159cb2687ad08
commit 1ac533f132539513916aafccd0e159cb2687ad08
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jun 12 14:34:26 2014 -0400
Remove indent workaround in man page RST sources
docutils 0.10 properly adds indentation to example blocks in man
pages, so we do not need to force an extra indentation level. Get rid
of the workaround wherever we use it.
(back ported from 4bd50f73c80a86852ec0879abdf52202be40892b)
ticket: 7954
version_fixed: 1.12.2
status: resolved
doc/admin/admin_commands/kadmin_local.rst | 40 +++++--------------
doc/admin/admin_commands/kdb5_ldap_util.rst | 44 +++++----------------
doc/admin/admin_commands/kpropd.rst | 4 +-
doc/admin/admin_commands/kproplog.rst | 4 +-
doc/admin/admin_commands/krb5kdc.rst | 4 +-
doc/admin/admin_commands/sserver.rst | 36 +++++------------
doc/admin/conf_files/kadm5_acl.rst | 8 +---
doc/admin/conf_files/kdc_conf.rst | 28 +++----------
doc/admin/conf_files/krb5_conf.rst | 56 +++++++-------------------
doc/admin/database.rst | 2 +-
doc/admin/princ_dns.rst | 16 +++-----
doc/appdev/init_creds.rst | 24 +++---------
doc/basic/date_format.rst | 2 +-
doc/user/user_commands/klist.rst | 4 +-
doc/user/user_commands/krb5-config.rst | 4 +-
doc/user/user_commands/ksu.rst | 22 +++--------
doc/user/user_config/k5identity.rst | 4 +-
doc/user/user_config/k5login.rst | 8 +---
18 files changed, 83 insertions(+), 227 deletions(-)
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
index 63fde48..a51d6a4 100644
--- a/doc/admin/admin_commands/kadmin_local.rst
+++ b/doc/admin/admin_commands/kadmin_local.rst
@@ -350,9 +350,7 @@ Options:
- *dn* and *containerdn* should be within the subtrees or
principal container configured in the realm.
-Example:
-
- ::
+Example::
kadmin: addprinc jennifer
WARNING: no policy specified for "jennifer at ATHENA.MIT.EDU";
@@ -457,9 +455,7 @@ The following options are available:
Keeps the existing keys in the database. This flag is usually not
necessary except perhaps for ``krbtgt`` principals.
-Example:
-
- ::
+Example::
kadmin: cpw systest
Enter password for principal systest at BLEEP.COM:
@@ -501,9 +497,7 @@ running the the program to be the same as the one being listed.
Alias: **getprinc**
-Examples:
-
- ::
+Examples::
kadmin: getprinc tlyu/admin
Principal: tlyu/admin at BLEEP.COM
@@ -549,9 +543,7 @@ This command requires the **list** privilege.
Alias: **listprincs**, **get_principals**, **get_princs**
-Example:
-
- ::
+Example::
kadmin: listprincs test*
test3 at SECURE-TEST.OV.COM
@@ -684,9 +676,7 @@ The following options are available:
with commas (',') only. To clear the allowed key/salt policy use
a value of '-'.
-Example:
-
- ::
+Example::
kadmin: add_policy -maxlife "2 days" -minlength 5 guests
kadmin:
@@ -724,9 +714,7 @@ This command requires the **delete** privilege.
Alias: **delpol**
-Example:
-
- ::
+Example::
kadmin: del_policy guests
Are you sure you want to delete the policy "guests"?
@@ -750,9 +738,7 @@ This command requires the **inquire** privilege.
Alias: getpol
-Examples:
-
- ::
+Examples::
kadmin: get_policy admin
Policy: admin
@@ -790,9 +776,7 @@ This command requires the **list** privilege.
Aliases: **listpols**, **get_policies**, **getpols**.
-Examples:
-
- ::
+Examples::
kadmin: listpols
test-pol
@@ -846,9 +830,7 @@ An entry for each of the principal's unique encryption types is added,
ignoring multiple keys with the same encryption type but different
salt types.
-Example:
-
- ::
+Example::
kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu
Entry for principal host/foo.mit.edu at ATHENA.MIT.EDU with kvno 3,
@@ -883,9 +865,7 @@ The options are:
**-q**
Display less verbose information.
-Example:
-
- ::
+Example::
kadmin: ktremove kadmin/admin all
Entry for principal kadmin/admin with kvno 3 removed from keytab
diff --git a/doc/admin/admin_commands/kdb5_ldap_util.rst b/doc/admin/admin_commands/kdb5_ldap_util.rst
index e5c037d..4516e04 100644
--- a/doc/admin/admin_commands/kdb5_ldap_util.rst
+++ b/doc/admin/admin_commands/kdb5_ldap_util.rst
@@ -122,9 +122,7 @@ Creates realm in directory. Options:
documented in the description of the **add_principal** command in
:ref:`kadmin(1)`.
-Example:
-
- ::
+Example::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
create -subtrees o=org -sscope SUB -r ATHENA.MIT.EDU
@@ -183,9 +181,7 @@ Modifies the attributes of a realm. Options:
documented in the description of the **add_principal** command in
:ref:`kadmin(1)`.
-Example:
-
- ::
+Example::
shell% kdb5_ldap_util -D cn=admin,o=org -H
ldaps://ldap-server1.mit.edu modify +requires_preauth -r
@@ -207,9 +203,7 @@ Displays the attributes of a realm. Options:
**-r** *realm*
Specifies the Kerberos realm of the database.
-Example:
-
- ::
+Example::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
view -r ATHENA.MIT.EDU
@@ -239,9 +233,7 @@ Destroys an existing realm. Options:
**-r** *realm*
Specifies the Kerberos realm of the database.
-Example:
-
- ::
+Example::
shell% kdb5_ldap_util -D cn=admin,o=org -H
ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU
@@ -262,9 +254,7 @@ list
Lists the name of realms.
-Example:
-
- ::
+Example::
shell% kdb5_ldap_util -D cn=admin,o=org -H
ldaps://ldap-server1.mit.edu list
@@ -297,9 +287,7 @@ to the LDAP server. Options:
Specifies Distinguished Name (DN) of the service object whose
password is to be stored in file.
-Example:
-
- ::
+Example::
kdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile
cn=service-kdc,o=org
@@ -342,9 +330,7 @@ Creates a ticket policy in the directory. Options:
*policy_name*
Specifies the name of the ticket policy.
-Example:
-
- ::
+Example::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day"
@@ -369,9 +355,7 @@ modify_policy
Modifies the attributes of a ticket policy. Options are same as for
**create_policy**.
-Example:
-
- ::
+Example::
kdb5_ldap_util -D cn=admin,o=org -H
ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU
@@ -395,9 +379,7 @@ Displays the attributes of a ticket policy. Options:
*policy_name*
Specifies the name of the ticket policy.
-Example:
-
- ::
+Example::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
view_policy -r ATHENA.MIT.EDU tktpolicy
@@ -431,9 +413,7 @@ Destroys an existing ticket policy. Options:
*policy_name*
Specifies the name of the ticket policy.
-Example:
-
- ::
+Example::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
destroy_policy -r ATHENA.MIT.EDU tktpolicy
@@ -458,9 +438,7 @@ realm. Options:
**-r** *realm*
Specifies the Kerberos realm of the database.
-Example:
-
- ::
+Example::
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
list_policy -r ATHENA.MIT.EDU
diff --git a/doc/admin/admin_commands/kpropd.rst b/doc/admin/admin_commands/kpropd.rst
index 0bd0a02..95b2e84 100644
--- a/doc/admin/admin_commands/kpropd.rst
+++ b/doc/admin/admin_commands/kpropd.rst
@@ -33,9 +33,7 @@ file, the slave Kerberos server will have an up-to-date KDC database.
Where incremental propagation is not used, kpropd is commonly invoked
out of inetd(8) as a nowait service. This is done by adding a line to
-the ``/etc/inetd.conf`` file which looks like this:
-
- ::
+the ``/etc/inetd.conf`` file which looks like this::
kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
diff --git a/doc/admin/admin_commands/kproplog.rst b/doc/admin/admin_commands/kproplog.rst
index c7a0ea4..ed90639 100644
--- a/doc/admin/admin_commands/kproplog.rst
+++ b/doc/admin/admin_commands/kproplog.rst
@@ -53,9 +53,7 @@ OPTIONS
**-v**
Display individual attributes per update. An example of the
- output generated for one entry:
-
- ::
+ output generated for one entry::
Update Entry
Update serial # : 4
diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst
index 89919f5..711159b 100644
--- a/doc/admin/admin_commands/krb5kdc.rst
+++ b/doc/admin/admin_commands/krb5kdc.rst
@@ -94,9 +94,7 @@ The realms are listed on the command line. Per-realm options that can
be specified on the command line pertain for each realm that follows
it and are superseded by subsequent definitions of the same option.
-For example:
-
- ::
+For example::
krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3
diff --git a/doc/admin/admin_commands/sserver.rst b/doc/admin/admin_commands/sserver.rst
index 61826df..b4e4644 100644
--- a/doc/admin/admin_commands/sserver.rst
+++ b/doc/admin/admin_commands/sserver.rst
@@ -30,17 +30,13 @@ installed as |keytab|.
The **-S** option allows for a different keytab than the default.
sserver is normally invoked out of inetd(8), using a line in
-``/etc/inetd.conf`` that looks like this:
-
- ::
+``/etc/inetd.conf`` that looks like this::
sample stream tcp nowait root /usr/local/sbin/sserver sserver
Since ``sample`` is normally not a port defined in ``/etc/services``,
you will usually have to add a line to ``/etc/services`` which looks
-like this:
-
- ::
+like this::
sample 13135/tcp
@@ -52,9 +48,7 @@ connecting to, be sure that both hosts have an entry in /etc/services
for the sample tcp port, and that the same port number is in both
files.
-When you run sclient you should see something like this:
-
- ::
+When you run sclient you should see something like this::
sendauth succeeded, reply is:
reply len 32, contents:
@@ -64,49 +58,39 @@ When you run sclient you should see something like this:
COMMON ERROR MESSAGES
---------------------
-1) kinit returns the error:
-
- ::
+1) kinit returns the error::
kinit: Client not found in Kerberos database while getting
- initial credentials
+ initial credentials
This means that you didn't create an entry for your username in the
Kerberos database.
-2) sclient returns the error:
-
- ::
+2) sclient returns the error::
unknown service sample/tcp; check /etc/services
This means that you don't have an entry in /etc/services for the
sample tcp port.
-3) sclient returns the error:
-
- ::
+3) sclient returns the error::
connect: Connection refused
This probably means you didn't edit /etc/inetd.conf correctly, or
you didn't restart inetd after editing inetd.conf.
-4) sclient returns the error:
-
- ::
+4) sclient returns the error::
sclient: Server not found in Kerberos database while using
- sendauth
+ sendauth
This means that the ``sample/hostname at LOCAL.REALM`` service was not
defined in the Kerberos database; it should be created using
:ref:`kadmin(1)`, and a keytab file needs to be generated to make
the key for that service principal available for sclient.
-5) sclient returns the error:
-
- ::
+5) sclient returns the error::
sendauth rejected, error reply is:
"No such file or directory"
diff --git a/doc/admin/conf_files/kadm5_acl.rst b/doc/admin/conf_files/kadm5_acl.rst
index b03aacc..cd41864 100644
--- a/doc/admin/conf_files/kadm5_acl.rst
+++ b/doc/admin/conf_files/kadm5_acl.rst
@@ -19,9 +19,7 @@ SYNTAX
------
Empty lines and lines starting with the sharp sign (``#``) are
-ignored. Lines containing ACL entries have the format:
-
- ::
+ignored. Lines containing ACL entries have the format::
principal permissions [target_principal [restrictions] ]
@@ -98,9 +96,7 @@ ignored. Lines containing ACL entries have the format:
EXAMPLE
-------
-Here is an example of a kadm5.acl file.
-
- ::
+Here is an example of a kadm5.acl file::
*/admin at ATHENA.MIT.EDU * # line 1
joeadmin at ATHENA.MIT.EDU ADMCIL # line 2
diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
index edd25b2..9878266 100644
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -491,9 +491,7 @@ In the following example, the logging messages from the KDC will go to
the console and to the system log under the facility LOG_DAEMON with
default severity of LOG_INFO; and the logging messages from the
administrative server will be appended to the file
-``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``.
-
- ::
+``/var/adm/kadmin.log`` and sent to the device ``/dev/tty04``. ::
[logging]
kdc = CONSOLE
@@ -543,9 +541,7 @@ For each token type, the following tags may be specified:
passed to the RADIUS server. Otherwise, the realm will be
included. The default value is ``true``.
-In the following example, requests are sent to a remote server via UDP.
-
- ::
+In the following example, requests are sent to a remote server via UDP::
[otp]
MyRemoteTokenType = {
@@ -559,9 +555,7 @@ In the following example, requests are sent to a remote server via UDP.
An implicit default token type named ``DEFAULT`` is defined for when
the per-principal configuration does not specify a token type. Its
configuration is shown below. You may override this token type to
-something applicable for your situation.
-
- ::
+something applicable for your situation::
[otp]
DEFAULT = {
@@ -579,18 +573,14 @@ PKINIT options
realm-specific value over-rides, does not add to, a generic
[kdcdefaults] specification. The search order is:
-1. realm-specific subsection of [realms],
-
- ::
+1. realm-specific subsection of [realms]::
[realms]
EXAMPLE.COM = {
pkinit_anchors = FILE:/usr/local/example.com.crt
}
-2. generic value in the [kdcdefaults] section.
-
- ::
+2. generic value in the [kdcdefaults] section::
[kdcdefaults]
pkinit_anchors = DIR:/usr/local/generic_trusted_cas/
@@ -733,9 +723,7 @@ commands and configuration parameters that affect generation of keys
take lists of enctype-salttype ("keysalt") pairs, known as *keysalt
lists*. Each keysalt pair is an enctype name followed by a salttype
name, in the format *enc*:*salt*. Individual keysalt list members are
-separated by comma (",") characters or space characters. For example:
-
- ::
+separated by comma (",") characters or space characters. For example::
kadmin -e aes256-cts:normal,aes128-cts:normal
@@ -761,9 +749,7 @@ special generate a random salt
Sample kdc.conf File
--------------------
-Here's an example of a kdc.conf file:
-
- ::
+Here's an example of a kdc.conf file::
[kdcdefaults]
kdc_ports = 88
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index f5a1773..149993a 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -17,14 +17,11 @@ Structure
The krb5.conf file is set up in the style of a Windows INI file.
Sections are headed by the section name, in square brackets. Each
-section may contain zero or more relations, of the form:
-
- ::
+section may contain zero or more relations, of the form::
foo = bar
-or
- ::
+or::
fubar = {
foo = bar
@@ -36,8 +33,7 @@ value for the tag. This means that neither the remainder of this
configuration file nor any other configuration file will be checked
for any other values for this tag.
-For example, if you have the following lines:
- ::
+For example, if you have the following lines::
foo = bar*
foo = baz
@@ -45,9 +41,7 @@ For example, if you have the following lines:
then the second value of ``foo`` (``baz``) would never be read.
The krb5.conf file can include other files using either of the
-following directives at the beginning of a line:
-
- ::
+following directives at the beginning of a line::
include FILENAME
includedir DIRNAME
@@ -62,9 +56,7 @@ file must begin with a section header.
The krb5.conf file can specify that configuration should be obtained
from a loadable module, rather than the file itself, using the
following directive at the beginning of a line before any section
-headers:
-
- ::
+headers::
module MODULEPATH:RESIDUAL
@@ -398,8 +390,7 @@ following tags may be specified in the realm's subsection:
default realm, this rule is not applicable and the conversion
will fail.
- For example:
- ::
+ For example::
[realms]
ATHENA.MIT.EDU = {
@@ -479,9 +470,7 @@ for that particular host or domain. A host name relation implicitly
provides the corresponding domain name relation, unless an explicit domain
name relation is provided. The Kerberos realm may be
identified either in the realms_ section or using DNS SRV records.
-Host names and domain names should be in lower case. For example:
-
- ::
+Host names and domain names should be in lower case. For example::
[domain_realm]
crash.mit.edu = TEST.ATHENA.MIT.EDU
@@ -537,9 +526,7 @@ For example, ``ANL.GOV``, ``PNL.GOV``, and ``NERSC.GOV`` all wish to
use the ``ES.NET`` realm as an intermediate realm. ANL has a sub
realm of ``TEST.ANL.GOV`` which will authenticate with ``NERSC.GOV``
but not ``PNL.GOV``. The [capaths] section for ``ANL.GOV`` systems
-would look like this:
-
- ::
+would look like this::
[capaths]
ANL.GOV = {
@@ -562,9 +549,7 @@ would look like this:
}
The [capaths] section of the configuration file used on ``NERSC.GOV``
-systems would look like this:
-
- ::
+systems would look like this::
[capaths]
NERSC.GOV = {
@@ -602,8 +587,7 @@ Each tag in the [appdefaults] section names a Kerberos V5 application
or an option that is used by some Kerberos V5 application[s]. The
value of the tag defines the default behaviors for that application.
-For example:
- ::
+For example::
[appdefaults]
telnet = {
@@ -825,27 +809,21 @@ PKINIT options
A realm-specific value overrides, not adds to, a generic
[libdefaults] specification. The search order is:
-1. realm-specific subsection of [libdefaults]:
-
- ::
+1. realm-specific subsection of [libdefaults]::
[libdefaults]
EXAMPLE.COM = {
pkinit_anchors = FILE:/usr/local/example.com.crt
}
-2. realm-specific value in the [realms] section,
-
- ::
+2. realm-specific value in the [realms] section::
[realms]
OTHERREALM.ORG = {
pkinit_anchors = FILE:/usr/local/otherrealm.org.crt
}
-3. generic value in the [libdefaults] section.
-
- ::
+3. generic value in the [libdefaults] section::
[libdefaults]
pkinit_anchors = DIR:/usr/local/generic_trusted_cas/
@@ -978,9 +956,7 @@ PKINIT krb5.conf options
* digitalSignature
* keyEncipherment
- Examples:
-
- ::
+ Examples::
pkinit_cert_match = ||<SUBJECT>.*DoE.*<SAN>.*@EXAMPLE.COM
pkinit_cert_match = &&<EKU>msScLogin,clientAuth<ISSUER>.*DoE.*
@@ -1097,9 +1073,7 @@ Valid parameters are:
Sample krb5.conf file
---------------------
-Here is an example of a generic krb5.conf file:
-
- ::
+Here is an example of a generic krb5.conf file::
[libdefaults]
default_realm = ATHENA.MIT.EDU
diff --git a/doc/admin/database.rst b/doc/admin/database.rst
index ab134b0..4c4cc99 100644
--- a/doc/admin/database.rst
+++ b/doc/admin/database.rst
@@ -140,7 +140,7 @@ type the following::
Principal "david at ATHENA.MIT.EDU" created.
kadmin:
-If you want to delete a principal ::
+If you want to delete a principal::
kadmin: delprinc jennifer
Are you sure you want to delete the principal
diff --git a/doc/admin/princ_dns.rst b/doc/admin/princ_dns.rst
index 0f5662b..e1d823f 100644
--- a/doc/admin/princ_dns.rst
+++ b/doc/admin/princ_dns.rst
@@ -38,12 +38,10 @@ the hostname. They obtain the "canonical" name of the host when doing
so. By default, MIT Kerberos clients will also then do reverse DNS
resolution (looking up the hostname associated with the IPv4 or IPv6
address using ``getnameinfo()``) of the hostname. Using the
-:ref:`krb5.conf(5)` setting
+:ref:`krb5.conf(5)` setting::
- ::
-
- [libdefaults]
- rdns = false
+ [libdefaults]
+ rdns = false
will disable reverse DNS lookup on clients. The default setting is
"true".
@@ -74,12 +72,10 @@ Overriding application behavior
Applications can choose to use a default hostname component in their
service principal name when accepting authentication, which avoids
some sorts of hostname mismatches. Because not all relevant
-applications do this yet, using the :ref:`krb5.conf(5)` setting
-
- ::
+applications do this yet, using the :ref:`krb5.conf(5)` setting::
- [libdefaults]
- ignore_acceptor_hostname = true
+ [libdefaults]
+ ignore_acceptor_hostname = true
will allow the Kerberos library to override the application's choice
of service principal hostname and will allow a server program to
diff --git a/doc/appdev/init_creds.rst b/doc/appdev/init_creds.rst
index 07baa4a..5c3c0a8 100644
--- a/doc/appdev/init_creds.rst
+++ b/doc/appdev/init_creds.rst
@@ -27,9 +27,7 @@ credentials for a client using a password. An application that needs
to verify the credentials can call :c:func:`krb5_verify_init_creds`.
Here is an example of code to obtain and verify TGT credentials, given
strings *princname* and *password* for the client principal name and
-password:
-
- ::
+password::
krb5_error_code ret;
krb5_creds creds;
@@ -57,9 +55,7 @@ The function :c:func:`krb5_get_init_creds_password` takes an options
parameter (which can be a null pointer). Use the function
:c:func:`krb5_get_init_creds_opt_alloc` to allocate an options
structure, and :c:func:`krb5_get_init_creds_opt_free` to free it. For
-example:
-
- ::
+example::
krb5_error_code ret;
krb5_get_init_creds_opt *opt = NULL;
@@ -97,9 +93,7 @@ with the KDC's realm and a single empty data component (the principal
obtained by parsing ``@``\ *realmname*). Authentication will take
place using anonymous PKINIT; if successful, the client principal of
the resulting tickets will be
-``WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS``. Here is an example:
-
- ::
+``WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS``. Here is an example::
krb5_get_init_creds_opt_set_anonymous(opt, 1);
ret = krb5_build_principal(context, &client_princ, strlen(myrealm),
@@ -155,9 +149,7 @@ type information is available.
Text-based applications can use a built-in text prompter
implementation by supplying :c:func:`krb5_prompter_posix` as the
*prompter* parameter and a null pointer as the *data* parameter. For
-example:
-
- ::
+example::
ret = krb5_get_init_creds_password(context, &creds, client_princ,
NULL, krb5_prompter_posix, NULL, 0,
@@ -229,9 +221,7 @@ be called multiple times.
Example
#######
-Here is an example of using a responder callback:
-
- ::
+Here is an example of using a responder callback::
static krb5_error_code
my_responder(krb5_context context, void *data,
@@ -291,9 +281,7 @@ credentials. It takes an options structure (which can be a null
pointer). Use :c:func:`krb5_verify_init_creds_opt_init` to initialize
the caller-allocated options structure, and
:c:func:`krb5_verify_init_creds_opt_set_ap_req_nofail` to set the
-"nofail" option. For example:
-
- ::
+"nofail" option. For example::
krb5_verify_init_creds_opt vopt;
diff --git a/doc/basic/date_format.rst b/doc/basic/date_format.rst
index f9460fe..6ee82ce 100644
--- a/doc/basic/date_format.rst
+++ b/doc/basic/date_format.rst
@@ -108,7 +108,7 @@ following ways:
(See :ref:`abbreviation`.)
-Example ::
+Example::
Set the default expiration date to July 27, 2012 at 20:30
default_principal_expiration = 20120727203000
diff --git a/doc/user/user_commands/klist.rst b/doc/user/user_commands/klist.rst
index 00ad0ff..c24c741 100644
--- a/doc/user/user_commands/klist.rst
+++ b/doc/user/user_commands/klist.rst
@@ -44,9 +44,7 @@ OPTIONS
**-f**
Shows the flags present in the credentials, using the following
- abbreviations:
-
- ::
+ abbreviations::
F Forwardable
f forwarded
diff --git a/doc/user/user_commands/krb5-config.rst b/doc/user/user_commands/krb5-config.rst
index b4a87ff..ee0fcea 100644
--- a/doc/user/user_commands/krb5-config.rst
+++ b/doc/user/user_commands/krb5-config.rst
@@ -71,9 +71,7 @@ krb5-config is particularly useful for compiling against a Kerberos
installation that was installed in a non-standard location. For example,
a Kerberos installation that is installed in ``/opt/krb5/`` but uses
libraries in ``/usr/local/lib/`` for text localization would produce
-the following output:
-
- ::
+the following output::
shell% krb5-config --libs krb5
-L/opt/krb5/lib -Wl,-rpath -Wl,/opt/krb5/lib -L/usr/local/lib -lkrb5 -lk5crypto -lcom_err
diff --git a/doc/user/user_commands/ksu.rst b/doc/user/user_commands/ksu.rst
index d1a8091..975c898 100644
--- a/doc/user/user_commands/ksu.rst
+++ b/doc/user/user_commands/ksu.rst
@@ -86,8 +86,7 @@ user's home directory, ksu attempts to access two authorization files:
contains the name of a principal that is authorized to access the
account.
-For example:
- ::
+For example::
jqpublic at USC.EDU
jqpublic/secure at USC.EDU
@@ -221,9 +220,7 @@ OPTIONS
defined the source cache name is set to ``krb5cc_<source uid>``.
The target cache name is automatically set to ``krb5cc_<target
uid>.(gen_sym())``, where gen_sym generates a new number such that
- the resulting cache does not already exist. For example:
-
- ::
+ the resulting cache does not already exist. For example::
krb5cc_1984.2
@@ -283,9 +280,7 @@ Ticket granting ticket options:
**-e** *command* [*args* ...]
ksu proceeds exactly the same as if it was invoked without the
**-e** option, except instead of executing the target shell, ksu
- executes the specified command. Example of usage:
-
- ::
+ executes the specified command. Example of usage::
ksu bob -e ls -lag
@@ -304,9 +299,7 @@ Ticket granting ticket options:
list of commands that the principal is authorized to execute. A
principal name followed by a ``*`` means that the user is
authorized to execute any command. Thus, in the following
- example:
-
- ::
+ example::
jqpublic at USC.EDU ls mail /local/kerberos/klist
jqpublic/secure at USC.EDU *
@@ -338,9 +331,7 @@ Ticket granting ticket options:
thus all options intended for ksu must precede **-a**.
The **-a** option can be used to simulate the **-e** option if
- used as follows:
-
- ::
+ used as follows::
-a -c [command [arguments]].
@@ -376,8 +367,7 @@ ksu can be compiled with the following four flags:
called to obtain the names of "legal shells". Note that the
target user's shell is obtained from the passwd file.
-Sample configuration:
- ::
+Sample configuration::
KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin"
diff --git a/doc/user/user_config/k5identity.rst b/doc/user/user_config/k5identity.rst
index 21c340e..cf5d95e 100644
--- a/doc/user/user_config/k5identity.rst
+++ b/doc/user/user_config/k5identity.rst
@@ -51,9 +51,7 @@ The following example .k5identity file selects the client principal
``alice at KRBTEST.COM`` if the server principal is within that realm,
the principal ``alice/root at EXAMPLE.COM`` if the server host is within
a servers subdomain, and the principal ``alice/mail at EXAMPLE.COM`` when
-accessing the IMAP service on ``mail.example.com``:
-
- ::
+accessing the IMAP service on ``mail.example.com``::
alice at KRBTEST.COM realm=KRBTEST.COM
alice/root at EXAMPLE.COM host=*.servers.example.com
diff --git a/doc/user/user_config/k5login.rst b/doc/user/user_config/k5login.rst
index 90e4865..8a9753d 100644
--- a/doc/user/user_config/k5login.rst
+++ b/doc/user/user_config/k5login.rst
@@ -18,9 +18,7 @@ EXAMPLES
--------
Suppose the user ``alice`` had a .k5login file in her home directory
-containing just the following line:
-
- ::
+containing just the following line::
bob at FOOBAR.ORG
@@ -35,9 +33,7 @@ machine's default realm to access the ``alice`` account.
Let us further suppose that ``alice`` is a system administrator.
Alice and the other system administrators would have their principals
-in root's .k5login file on each host:
-
- ::
+in root's .k5login file on each host::
alice at BLEEP.COM
More information about the cvs-krb5
mailing list