From b105201239c04ed3b95a16df628e70dee3996486 Mon Sep 17 00:00:00 2001 
From: CSRG Date: Sun, 14 May 1995 01:40:21 -0800 Subject: [PATCH] BSD 4_4_Lite2 development Work on file usr/share/man/cat1/register.0 Work on file usr/share/man/cat8/registerd.0 Work on file usr/share/man/cat8/make_keypair.0 Work on file usr/share/man/cat1/ksrvtgt.0 Work on file usr/share/man/cat1/klist.0 Work on file usr/share/man/cat1/kdestroy.0 Work on file usr/share/man/cat1/kerberos.0 Work on file usr/share/man/cat3/acl_check.0 Work on file usr/share/man/cat1/kinit.0 Work on file usr/share/man/cat3/krb_rd_err.0 Work on file usr/share/man/cat3/krb_realmofhost.0 Work on file usr/share/man/cat3/krb_sendauth.0 Work on file usr/share/man/cat3/kerberos.0 Work on file usr/share/man/cat3/krb_kntoln.0 Work on file usr/share/man/cat3/krb_mk_req.0 Work on file usr/share/man/cat3/krb_rd_req.0 Work on file usr/share/man/cat3/krb.0 Work on file usr/share/man/cat3/realm.0 Work on file usr/share/man/cat3/krb_rd_safe.0 Work on file usr/share/man/cat3/krb_set_tkt_string.0 Work on file usr/share/man/cat3/krb_get_cred.0 Work on file usr/share/man/cat3/des_crypt.0 Work on file usr/share/man/cat3/des.0 Work on file usr/share/man/cat3/ksend.0 Work on file usr/share/man/cat3/krb_ck_repl.0 Work on file usr/share/man/cat3/krb_set_key.0 Work on file usr/share/man/cat3/krb_mk_err.0 Work on file usr/share/man/cat3/krb_mk_safe.0 Work on file usr/share/man/cat3/krb_mk_priv.0 Work on file usr/share/man/cat8/ext_srvtab.0 Work on file usr/share/man/cat5/krb.conf.0 Work on file usr/share/man/cat5/krb.realms.0 Work on file usr/share/man/cat8/kdb_destroy.0 Work on file usr/share/man/cat3/tf_util.0 Work on file usr/share/man/cat3/kuserok.0 Work on file usr/share/man/cat8/kdb_edit.0 Work on file usr/share/man/cat8/kdb_init.0 Work on file usr/share/man/cat8/kstash.0 Work on file usr/share/man/cat8/kdb_util.0 Synthesized-from: CSRG/cd3/4.4BSD-Lite2 --- usr/share/man/cat1/kdestroy.0 | 132 +++++++ usr/share/man/cat1/kerberos.0 | 198 ++++++++++ usr/share/man/cat1/kinit.0 | 132 +++++++ 
usr/share/man/cat1/klist.0 | 132 +++++++ usr/share/man/cat1/ksrvtgt.0 | 66 ++++ usr/share/man/cat1/register.0 | 66 ++++ usr/share/man/cat3/acl_check.0 | 198 ++++++++++ usr/share/man/cat3/des.0 | 396 ++++++++++++++++++++ usr/share/man/cat3/des_crypt.0 | 396 ++++++++++++++++++++ usr/share/man/cat3/kerberos.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_ck_repl.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_get_cred.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_kntoln.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_mk_err.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_mk_priv.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_mk_req.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_mk_safe.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_rd_err.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_rd_req.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_rd_safe.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_realmofhost.0 | 198 ++++++++++ usr/share/man/cat3/krb_sendauth.0 | 264 ++++++++++++++ usr/share/man/cat3/krb_set_key.0 | 462 ++++++++++++++++++++++++ usr/share/man/cat3/krb_set_tkt_string.0 | 66 ++++ usr/share/man/cat3/ksend.0 | 264 ++++++++++++++ usr/share/man/cat3/kuserok.0 | 66 ++++ usr/share/man/cat3/realm.0 | 198 ++++++++++ usr/share/man/cat3/tf_util.0 | 198 ++++++++++ usr/share/man/cat5/krb.conf.0 | 66 ++++ usr/share/man/cat5/krb.realms.0 | 66 ++++ usr/share/man/cat8/ext_srvtab.0 | 66 ++++ usr/share/man/cat8/kdb_destroy.0 | 66 ++++ usr/share/man/cat8/kdb_edit.0 | 66 ++++ usr/share/man/cat8/kdb_init.0 | 66 ++++ usr/share/man/cat8/kdb_util.0 | 132 +++++++ usr/share/man/cat8/kstash.0 | 66 ++++ usr/share/man/cat8/make_keypair.0 | 31 ++ usr/share/man/cat8/registerd.0 | 31 ++ 39 files changed, 9632 insertions(+) create mode 100644 usr/share/man/cat1/kdestroy.0 create mode 100644 usr/share/man/cat1/kerberos.0 create mode 100644 
usr/share/man/cat1/kinit.0 create mode 100644 usr/share/man/cat1/klist.0 create mode 100644 usr/share/man/cat1/ksrvtgt.0 create mode 100644 usr/share/man/cat1/register.0 create mode 100644 usr/share/man/cat3/acl_check.0 create mode 100644 usr/share/man/cat3/des.0 create mode 100644 usr/share/man/cat3/des_crypt.0 create mode 100644 usr/share/man/cat3/kerberos.0 create mode 100644 usr/share/man/cat3/krb.0 create mode 100644 usr/share/man/cat3/krb_ck_repl.0 create mode 100644 usr/share/man/cat3/krb_get_cred.0 create mode 100644 usr/share/man/cat3/krb_kntoln.0 create mode 100644 usr/share/man/cat3/krb_mk_err.0 create mode 100644 usr/share/man/cat3/krb_mk_priv.0 create mode 100644 usr/share/man/cat3/krb_mk_req.0 create mode 100644 usr/share/man/cat3/krb_mk_safe.0 create mode 100644 usr/share/man/cat3/krb_rd_err.0 create mode 100644 usr/share/man/cat3/krb_rd_req.0 create mode 100644 usr/share/man/cat3/krb_rd_safe.0 create mode 100644 usr/share/man/cat3/krb_realmofhost.0 create mode 100644 usr/share/man/cat3/krb_sendauth.0 create mode 100644 usr/share/man/cat3/krb_set_key.0 create mode 100644 usr/share/man/cat3/krb_set_tkt_string.0 create mode 100644 usr/share/man/cat3/ksend.0 create mode 100644 usr/share/man/cat3/kuserok.0 create mode 100644 usr/share/man/cat3/realm.0 create mode 100644 usr/share/man/cat3/tf_util.0 create mode 100644 usr/share/man/cat5/krb.conf.0 create mode 100644 usr/share/man/cat5/krb.realms.0 create mode 100644 usr/share/man/cat8/ext_srvtab.0 create mode 100644 usr/share/man/cat8/kdb_destroy.0 create mode 100644 usr/share/man/cat8/kdb_edit.0 create mode 100644 usr/share/man/cat8/kdb_init.0 create mode 100644 usr/share/man/cat8/kdb_util.0 create mode 100644 usr/share/man/cat8/kstash.0 create mode 100644 usr/share/man/cat8/make_keypair.0 create mode 100644 usr/share/man/cat8/registerd.0
diff --git a/usr/share/man/cat1/kdestroy.0 b/usr/share/man/cat1/kdestroy.0
new file mode 100644
index 0000000000..59a1849bca
--- /dev/null
+++ b/usr/share/man/cat1/kdestroy.0 
@@ -0,0 +1,132 @@ + + + +KDESTROY(1) BSD Reference Manual KDESTROY(1) + + +NNAAMMEE + kdestroy - destroy Kerberos tickets + +SSYYNNOOPPSSIISS + kkddeessttrrooyy [ --ff ] [ --qq ] + +DDEESSCCRRIIPPTTIIOONN + The _k_d_e_s_t_r_o_y utility destroys the user's active Kerberos + authorization tickets by writing zeros to the file that + contains them. If the ticket file does not exist, _k_d_e_- + _s_t_r_o_y displays a message to that effect. + + After overwriting the file, _k_d_e_s_t_r_o_y removes the file from + the system. The utility displays a message indicating the + success or failure of the operation. If _k_d_e_s_t_r_o_y is + unable to destroy the ticket file, the utility will warn + you by making your terminal beep. + + In the Athena workstation environment, the _t_o_e_h_o_l_d service + automatically destroys your tickets when you end a work- + station session. If your site does not provide a similar + ticket-destroying mechanism, you can place the _k_d_e_s_t_r_o_y + command in your _._l_o_g_o_u_t file so that your tickets are + destroyed automatically when you logout. + + The options to _k_d_e_s_t_r_o_y are as follows: + + --ff _k_d_e_s_t_r_o_y runs without displaying the status mes- + sage. + + --qq _k_d_e_s_t_r_o_y will not make your terminal beep if it + fails to destroy the tickets. + +FFIILLEESS + KRBTKFILE environment variable if set, otherwise + /tmp/tkt[uid] + +SSEEEE AALLSSOO + kerberos(1), kinit(1), klist(1) + +BBUUGGSS + Only the tickets in the user's current ticket file are + destroyed. Separate ticket files are used to hold root + instance and password changing tickets. These files + should probably be destroyed too, or all of a user's tick- + ets kept in a single ticket file. 
+ +AAUUTTHHOORRSS + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + Clifford Neuman, MIT Project Athena + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + +KDESTROY(1) BSD Reference Manual KDESTROY(1) + + + Bill Sommerfeld, MIT Project Athena + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + diff --git a/usr/share/man/cat1/kerberos.0 b/usr/share/man/cat1/kerberos.0 new file mode 100644 index 0000000000..7607076e93 --- /dev/null +++ b/usr/share/man/cat1/kerberos.0 
@@ -0,0 +1,198 @@ + + + +KERBEROS(1) BSD Reference Manual KERBEROS(1) + + +NNAAMMEE + kerberos - introduction to the Kerberos system + + +DDEESSCCRRIIPPTTIIOONN + The Kerberos system authenticates individual users in a + network environment. After authenticating yourself to + Kerberos, you can use network utilities such as _r_l_o_g_i_n, + _r_c_p, and _r_s_h without having to present passwords to remote + hosts and without having to bother with _._r_h_o_s_t_s files. + Note that these utilities will work without passwords only + if the remote machines you deal with support the Kerberos + system. All Athena timesharing machines and public work- + stations support Kerberos. + + Before you can use Kerberos, you must register as an + Athena user, and you must make sure you have been added to + the Kerberos database. You can use the _k_i_n_i_t command to + find out. This command tries to log you into the Kerberos + system. _k_i_n_i_t will prompt you for a username and pass- + word. Enter your username and password. If the utility + lets you login without giving you a message, you have + already been registered. + + If you enter your username and _k_i_n_i_t responds with this + message: + + Principal unknown (kerberos) + + you haven't been registered as a Kerberos user. See your + system administrator. + + A Kerberos name contains three parts. The first is the + _p_r_i_n_c_i_p_a_l _n_a_m_e_, which is usually a user's or service's + name. The second is the _i_n_s_t_a_n_c_e_, which in the case of a + user is usually null. Some users may have privileged + instances, however, such as ``root'' or ``admin''. In the + case of a service, the instance is the name of the machine + on which it runs; i.e. there can be an _r_l_o_g_i_n service run- + ning on the machine ABC, which is different from the + rlogin service running on the machine XYZ. The third part + of a Kerberos name is the _r_e_a_l_m_. 
The realm corresponds to + the Kerberos service providing authentication for the + principal. For example, at MIT there is a Kerberos run- + ning at the Laboratory for Computer Science and one run- + ning at Project Athena. + + When writing a Kerberos name, the principal name is sepa- + rated from the instance (if not null) by a period, and the + realm (if not the local realm) follows, preceded by an + ``@'' sign. The following are examples of valid Kerberos + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + +KERBEROS(1) BSD Reference Manual KERBEROS(1) + + + names: + + billb + jis.admin + srz@lcs.mit.edu + treese.root@athena.mit.edu + + When you authenticate yourself with Kerberos, through + either the workstation _t_o_e_h_o_l_d system or the _k_i_n_i_t com- + mand, Kerberos gives you an initial Kerberos _t_i_c_k_e_t. (A + Kerberos ticket is an encrypted protocol message that pro- + vides authentication.) Kerberos uses this ticket for net- + work utilities such as _r_l_o_g_i_n and _r_c_p. The ticket trans- + actions are done transparently, so you don't have to worry + about their management. + + Note, however, that tickets expire. Privileged tickets, + such as root instance tickets, expire in a few minutes, + while tickets that carry more ordinary privileges may be + good for several hours or a day, depending on the instal- + lation's policy. If your login session extends beyond the + time limit, you will have to re-authenticate yourself to + Kerberos to get new tickets. Use the _k_i_n_i_t command to re- + authenticate yourself. + + If you use the _k_i_n_i_t command to get your tickets, make + sure you use the _k_d_e_s_t_r_o_y command to destroy your tickets + before you end your login session. You should probably + put the _k_d_e_s_t_r_o_y command in your _._l_o_g_o_u_t file so that your + tickets will be destroyed automatically when you logout. 
+ For more information about the _k_i_n_i_t and _k_d_e_s_t_r_o_y com- + mands, see the _k_i_n_i_t_(_1_) and _k_d_e_s_t_r_o_y_(_1_) manual pages. + + Currently, Kerberos supports the following network ser- + vices: _r_l_o_g_i_n, _r_s_h, and _r_c_p. Other services are being + worked on, such as the _p_o_p mail system and NFS (network + file system), but are not yet available. + + +SSEEEE AALLSSOO + kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), + kerberos(3), kadmin(8) + +BBUUGGSS + Kerberos will not do authentication forwarding. In other + words, if you use _r_l_o_g_i_n to login to a remote host, you + cannot use Kerberos services from that host until you + authenticate yourself explicitly on that host. Although + you may need to authenticate yourself on the remote host, + be aware that when you do so, _r_l_o_g_i_n sends your password + across the network in clear text. + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(1) BSD Reference Manual KERBEROS(1) + + +AAUUTTHHOORRSS + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + Clifford Neuman, MIT Project Athena + + The following people helped out on various aspects of the + system: + + Jeff Schiller designed and wrote the administration server + and its user interface, kadmin. He also wrote the dbm + version of the database management system. + + Mark Colan developed the Kerberos versions of _r_l_o_g_i_n, _r_s_h, + and _r_c_p, as well as contributing work on the servers. + + John Ostlund developed the Kerberos versions of _p_a_s_s_w_d and + _u_s_e_r_r_e_g. + + Stan Zanarotti pioneered Kerberos in a foreign realm + (LCS), and made many contributions based on that experi- + ence. 
+ + Many people contributed code and/or useful ideas, includ- + ing Jim Aspnes, Bob Baldwin, John Barba, Richard Basch, + Jim Bloom, Bill Bryant, Rob French, Dan Geer, David + Jedlinsky, John Kohl, John Kubiatowicz, Bob McKie, Brian + Murphy, Ken Raeburn, Chris Reed, Jon Rochlis, Mike + Shanzer, Bill Sommerfeld, Jennifer Steiner, Ted Ts'o, and + Win Treese. + + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986 Massachusetts Institute of Technology + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + diff --git a/usr/share/man/cat1/kinit.0 b/usr/share/man/cat1/kinit.0 new file mode 100644 index 0000000000..13cf8d0b8f --- /dev/null +++ b/usr/share/man/cat1/kinit.0 
@@ -0,0 +1,132 @@ + + + +KINIT(1) BSD Reference Manual KINIT(1) + + +NNAAMMEE + kinit - Kerberos login utility + +SSYYNNOOPPSSIISS + kkiinniitt [ --iirrvvll ] + +DDEESSCCRRIIPPTTIIOONN + The _k_i_n_i_t command is used to login to the Kerberos authen- + tication and authorization system. Note that only regis- + tered Kerberos users can use the Kerberos system. For + information about registering as a Kerberos user, see the + _k_e_r_b_e_r_o_s_(_1_) manual page. + + If you are logged in to a workstation that is running the + _t_o_e_h_o_l_d service, you do not have to use _k_i_n_i_t_. The _t_o_e_- + _h_o_l_d login procedure will log you into Kerberos automati- + cally. You will need to use _k_i_n_i_t only in those situa- + tions in which your original tickets have expired. (Tick- + ets expire in about a day.) Note as well that _t_o_e_h_o_l_d + will automatically destroy your tickets when you logout + from the workstation. + + When you use _k_i_n_i_t without options, the utility prompts + for your username and Kerberos password, and tries to + authenticate your login with the local Kerberos server. + + If Kerberos authenticates the login attempt, _k_i_n_i_t + retrieves your initial ticket and puts it in the ticket + file specified by your KRBTKFILE environment variable. If + this variable is undefined, your ticket will be stored in + the _/_t_m_p directory, in the file _t_k_t_u_i_d _, where _u_i_d speci- + fies your user identification number. + + If you have logged in to Kerberos without the benefit of + the workstation _t_o_e_h_o_l_d system, make sure you use the _k_d_e_- + _s_t_r_o_y command to destroy any active tickets before you end + your login session. You may want to put the _k_d_e_s_t_r_o_y com- + mand in your _._l_o_g_o_u_t file so that your tickets will be + destroyed automatically when you logout. + + The options to _k_i_n_i_t are as follows: + + --ii _k_i_n_i_t prompts you for a Kerberos instance. + + --rr _k_i_n_i_t prompts you for a Kerberos realm. 
This + option lets you authenticate yourself with a remote + Kerberos server. + + --vv Verbose mode. _k_i_n_i_t prints the name of the ticket + file used, and a status message indicating the suc- + cess or failure of your login attempt. + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + +KINIT(1) BSD Reference Manual KINIT(1) + + + --ll _k_i_n_i_t prompts you for a ticket lifetime in minutes. + Due to protocol restrictions in Kerberos Version 4, + this value must be between 5 and 1275 minutes. + +SSEEEE AALLSSOO + kerberos(1), kdestroy(1), klist(1), toehold(1) + +BBUUGGSS + The --rr option has not been fully implemented. + +AAUUTTHHOORRSS + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + Clifford Neuman, MIT Project Athena + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + diff --git a/usr/share/man/cat1/klist.0 b/usr/share/man/cat1/klist.0 new file mode 100644 index 0000000000..5db9335ee4 --- /dev/null +++ b/usr/share/man/cat1/klist.0 
@@ -0,0 +1,132 @@ + + + +KLIST(1) BSD Reference Manual KLIST(1) + + +NNAAMMEE + klist - list currently held Kerberos tickets + +SSYYNNOOPPSSIISS + kklliisstt [ --ss | --tt ] [ --ffiillee name ] [ --ssrrvvttaabb ] + +DDEESSCCRRIIPPTTIIOONN + _k_l_i_s_t prints the name of the tickets file and the identity + of the principal the tickets are for (as listed in the + tickets file), and lists the principal names of all Ker- + beros tickets currently held by the user, along with the + issue and expire time for each authenticator. Principal + names are listed in the form _n_a_m_e_._i_n_s_t_a_n_c_e_@_r_e_a_l_m_, with the + '.' omitted if the instance is null, and the '@' omitted + if the realm is null. + + If given the --ss option, _k_l_i_s_t does not print the issue and + expire times, the name of the tickets file, or the iden- + tity of the principal. + + If given the --tt option, kklliisstt checks for the existence of + a non-expired ticket-granting-ticket in the ticket file. + If one is present, it exits with status 0, else it exits + with status 1. No output is generated when this option is + specified. + + If given the --ffiillee option, the following argument is used + as the ticket file. Otherwise, if the KKRRBBTTKKFFIILLEE environ- + ment variable is set, it is used. If this environment + variable is not set, the file //ttmmpp//ttkktt[[uuiidd]] is used, where + uuiidd is the current user-id of the user. + + If given the --ssrrvvttaabb option, the file is treated as a ser- + vice key file, and the names of the keys contained therein + are printed. If no file is specified with a --ffiillee option, + the default is _/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_s_r_v_t_a_b. + +FFIILLEESS + /etc/kerberosIV/krb.conf + to get the name of the local realm + + /tmp/tkt[uid] as the default ticket file ([uid] is + the decimal UID of the user). 
+ + /etc/kerberosIV/srvtab + as the default service key file + +SSEEEE AALLSSOO + kerberos(1), kinit(1), kdestroy(1) + + + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + +KLIST(1) BSD Reference Manual KLIST(1) + + +BBUUGGSS + When reading a file as a service key file, very little + sanity or error checking is performed. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + diff --git a/usr/share/man/cat1/ksrvtgt.0 b/usr/share/man/cat1/ksrvtgt.0 new file mode 100644 index 0000000000..c8e9d15a42 --- /dev/null +++ b/usr/share/man/cat1/ksrvtgt.0 
@@ -0,0 +1,66 @@ + + + +KSRVTGT(1) BSD Reference Manual KSRVTGT(1) + + +NNAAMMEE + ksrvtgt - fetch and store Kerberos ticket-granting-ticket + using a service key + +SSYYNNOOPPSSIISS + kkssrrvvttggtt name instance [[realm] srvtab] + +DDEESSCCRRIIPPTTIIOONN + _k_s_r_v_t_g_t retrieves a ticket-granting ticket with a lifetime + of five (5) minutes for the principal _n_a_m_e_._i_n_s_t_a_n_c_e_@_r_e_a_l_m + (or _n_a_m_e_._i_n_s_t_a_n_c_e_@_l_o_c_a_l_r_e_a_l_m if _r_e_a_l_m is not supplied on + the command line), decrypts the response using the service + key found in _s_r_v_t_a_b (or in //eettcc//kkeerrbbeerroossIIVV//ssrrvvttaabb if + _s_r_v_t_a_b is not specified on the command line), and stores + the ticket in the standard ticket cache. + + This command is intended primarily for use in shell + scripts and other batch-type facilities. + +DDIIAAGGNNOOSSTTIICCSS + "Generic kerberos failure (kfailure)" can indicate a whole + range of problems, the most common of which is the inabil- + ity to read the service key file. + +FFIILLEESS + /etc/kerberosIV/krb.conf + to get the name of the local realm. + + /tmp/tkt[uid] The default ticket file. + + /etc/kerberosIV/srvtab + The default service key file. + +SSEEEE AALLSSOO + kerberos(1), kinit(1), kdestroy(1) + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + diff --git a/usr/share/man/cat1/register.0 b/usr/share/man/cat1/register.0 new file mode 100644 index 0000000000..9d0d1e3c4d --- /dev/null +++ b/usr/share/man/cat1/register.0 
@@ -0,0 +1,66 @@ + + + +REGISTER(1) BSD Reference Manual REGISTER(1) + + +NNAAMMEE + register - register with Kerberos + +SSYYNNOOPPSSIISS + rreeggiisstteerr + +DDEESSCCRRIIPPTTIIOONN + The _r_e_g_i_s_t_e_r command is used to register a new user with + Kerberos. The Kerberos server keeps record of certain + trusted hosts from which it will accept new registrations. + If the host on which _r_e_g_i_s_t_e_r is run is trusted by Ker- + beros, the user is asked for his current password, and + then a new password to be used with Kerberos. A user may + only register with Kerberos one time. + +FFIILLEESS + /.update.keyxx.xx.xx.xx shared DES key with server + +SSEEEE AALLSSOO + registerd(8), kerberos(1) + +DDIIAAGGNNOOSSTTIICCSS + "Principal not unique" if the user already exists in the + Kerberos database. + "Permission Denied," if the host on which register is + being run is untrusted. + + + + + + + + + + + + + + + + + + + + + + + + + + + + +4.4 Berkeley Distribution June 1, 1993 1 + + + + + diff --git a/usr/share/man/cat3/acl_check.0 b/usr/share/man/cat3/acl_check.0 new file mode 100644 index 0000000000..ba975b4b21 --- /dev/null +++ b/usr/share/man/cat3/acl_check.0 
@@ -0,0 +1,198 @@ + + + +ACL_CHECK(3) BSD Programmer's Manual ACL_CHECK(3) + + +NNAAMMEE + acl_canonicalize_principal, acl_check, acl_exact_match, + acl_add, acl_delete, acl_initialize - access control list + routines + +SSYYNNOOPPSSIISS + cccc <> --llaaccll --llkkrrbb + + ##iinncclluuddee <> + + aaccll__ccaannoonniiccaalliizzee__pprriinncciippaall((pprriinncciippaall,, bbuuff)) + cchhaarr **pprriinncciippaall;; + cchhaarr **bbuuff;; + + aaccll__cchheecckk((aaccll,, pprriinncciippaall)) + cchhaarr **aaccll;; + cchhaarr **pprriinncciippaall;; + + aaccll__eexxaacctt__mmaattcchh((aaccll,, pprriinncciippaall)) + cchhaarr **aaccll;; + cchhaarr **pprriinncciippaall;; + + aaccll__aadddd((aaccll,, pprriinncciippaall)) + cchhaarr **aaccll;; + cchhaarr **pprriinncciippaall;; + + aaccll__ddeelleettee((aaccll,, pprriinncciippaall)) + cchhaarr **aaccll;; + cchhaarr **pprriinncciippaall;; + + aaccll__iinniittiiaalliizzee((aaccll__ffiillee,, mmooddee)) + cchhaarr **aaccll__ffiillee;; + iinntt mmooddee;; + +DDEESSCCRRIIPPTTIIOONN + IInnttrroodduuccttiioonn + An access control list (ACL) is a list of principals, + where each principal is represented by a text string which + cannot contain whitespace. The library allows application + programs to refer to named access control lists to test + membership and to atomically add and delete principals + using a natural and intuitive interface. At present, the + names of access control lists are required to be Unix + filenames, and refer to human-readable Unix files; in the + future, when a networked ACL server is implemented, the + names may refer to a different namespace specific to the + ACL service. 
+ + + PPrriinncciippaall NNaammeess + Principal names have the form + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + +ACL_CHECK(3) BSD Programmer's Manual ACL_CHECK(3) + + + [.][@] + e.g.: + asp + asp.root + asp@ATHENA.MIT.EDU + asp.@ATHENA.MIT.EDU + asp.root@ATHENA.MIT.EDU + It is possible for principals to be underspecified. If an + instance is missing, it is assumed to be "". If realm is + missing, it is assumed to be the local realm as determined + by _k_r_b___g_e_t___l_r_e_a_l_m(3). The canonical form contains all of + name, instance, and realm; the acl_add and acl_delete rou- + tines will always leave the file in that form. Note that + the canonical form of asp@ATHENA.MIT.EDU is actually + asp.@ATHENA.MIT.EDU. + + RRoouuttiinneess + _a_c_l___c_a_n_o_n_i_c_a_l_i_z_e___p_r_i_n_c_i_p_a_l stores the canonical form of + _p_r_i_n_c_i_p_a_l in _b_u_f. _B_u_f must contain enough space to store + a principal, given the limits on the sizes of name, + instance, and realm specified as ANAME_SZ, INST_SZ, and + REALM_SZ, respectively, in _/_u_s_r_/_i_n_c_l_u_d_e_/_k_r_b_._h. + + _a_c_l___c_h_e_c_k returns nonzero if _p_r_i_n_c_i_p_a_l appears in _a_c_l. + Returns 0 if principal does not appear in acl, or if an + error occurs. Canonicalizes principal before checking, + and allows the ACL to contain wildcards. The only sup- + ported wildcards are entries of the form name.*@realm, + *.*@realm, and *.*@*. An asterisk matches any value for + its component field. For example, "jtkohl.*@*" would + match principal jtkohl, with any instance and any realm. + + _a_c_l___e_x_a_c_t___m_a_t_c_h performs like _a_c_l___c_h_e_c_k, but does no + canonicalization or wildcard matching. + + _a_c_l___a_d_d atomically adds _p_r_i_n_c_i_p_a_l to _a_c_l. Returns 0 if + successful, nonzero otherwise. It is considered a failure + if _p_r_i_n_c_i_p_a_l is already in _a_c_l. This routine will canoni- + calize _p_r_i_n_c_i_p_a_l, but will treat wildcards literally. 
+ + _a_c_l___d_e_l_e_t_e atomically deletes _p_r_i_n_c_i_p_a_l from _a_c_l. Returns + 0 if successful, nonzero otherwise. It is considered a + failure if _p_r_i_n_c_i_p_a_l is not already in _a_c_l. This routine + will canonicalize _p_r_i_n_c_i_p_a_l, but will treat wildcards lit- + erally. + + _a_c_l___i_n_i_t_i_a_l_i_z_e initializes _a_c_l___f_i_l_e. If the file _a_c_l___f_i_l_e + does not exist, _a_c_l___i_n_i_t_i_a_l_i_z_e creates it with mode _m_o_d_e. + If the file _a_c_l___f_i_l_e exists, _a_c_l___i_n_i_t_i_a_l_i_z_e removes all + members. Returns 0 if successful, nonzero otherwise. + WARNING: Mode argument is likely to change with the + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +ACL_CHECK(3) BSD Programmer's Manual ACL_CHECK(3) + + + eventual introduction of an ACL service. + +NNOOTTEESS + In the presence of concurrency, there is a very small + chance that _a_c_l___a_d_d or _a_c_l___d_e_l_e_t_e could report success + even though it would have had no effect. This is a neces- + sary side effect of using lock files for concurrency con- + trol rather than flock(2), which is not supported by NFS. + + The current implementation caches ACLs in memory in a + hash-table format for increased efficiency in checking + membership; one effect of the caching scheme is that one + file descriptor will be kept open for each ACL cached, up + to a maximum of 8. + +SSEEEE AALLSSOO + kerberos(3), krb_get_lrealm(3) + +AAUUTTHHOORR + James Aspnes (MIT Project Athena) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + diff --git a/usr/share/man/cat3/des.0 b/usr/share/man/cat3/des.0 new file mode 100644 index 0000000000..7e68897962 --- /dev/null +++ b/usr/share/man/cat3/des.0 
@@ -0,0 +1,396 @@ + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + +NNAAMMEE + des_read_password, des_string_to_key, des_random_key, + des_set_key, des_ecb_encrypt, des_cbc_encrypt, + des_pcbc_encrypt, des_cbc_cksum, des_quad_cksum, - (new) + DES encryption + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + + iinntt ddeess__rreeaadd__ppaasssswwoorrdd((kkeeyy,,pprroommpptt,,vveerriiffyy)) + des_cblock *key; + char *prompt; + int verify; + + iinntt ddeess__ssttrriinngg__ttoo__kkeeyy((ssttrr,,kkeeyy)) + cchhaarr **ssttrr;; + ddeess__ccbblloocckk kkeeyy;; + + iinntt ddeess__rraannddoomm__kkeeyy((kkeeyy)) + ddeess__ccbblloocckk **kkeeyy;; + + iinntt ddeess__sseett__kkeeyy((kkeeyy,,sscchheedduullee)) + ddeess__ccbblloocckk **kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + + iinntt ddeess__eeccbb__eennccrryypptt((iinnppuutt,,oouuttppuutt,,sscchheedduullee,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + iinntt eennccrryypptt;; + + iinntt ddeess__ccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + iinntt eennccrryypptt;; + + iinntt ddeess__ppccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + iinntt eennccrryypptt;; + + uunnssiiggnneedd lloonngg ddeess__ccbbcc__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + + + +MIT 
Project Athena Kerberos Version 4.0 1 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + + uunnssiiggnneedd lloonngg qquuaadd__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,oouutt__ccoouunntt,,sseeeedd)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + iinntt oouutt__ccoouunntt;; + ddeess__ccbblloocckk **sseeeedd;; + + +DDEESSCCRRIIPPTTIIOONN + This library supports various DES encryption related oper- + ations. It differs from the _c_r_y_p_t_, _s_e_t_k_e_y_, _a_n_d _e_n_c_r_y_p_t + library routines in that it provides a true DES encryp- + tion, without modifying the algorithm, and executes much + faster. + + For each key that may be simultaneously active, create a + ddeess__kkeeyy__sscchheedduullee struct, defined in "des.h". Next, create + key schedules (from the 8-byte keys) as needed, via + _d_e_s___s_e_t___k_e_y_, prior to using the encryption or checksum + routines. Then setup the input and output areas. Make + sure to note the restrictions on lengths being multiples + of eight bytes. Finally, invoke the encryption/decryption + routines, _d_e_s___e_c_b___e_n_c_r_y_p_t or _d_e_s___c_b_c___e_n_c_r_y_p_t or + _d_e_s___p_c_b_c___e_n_c_r_y_p_t_, or, to generate a cryptographic check- + sum, use _q_u_a_d___c_k_s_u_m (fast) or _d_e_s___c_b_c___c_k_s_u_m (slow). 
+ + A _d_e_s___c_b_l_o_c_k struct is an 8 byte block used as the funda- + mental unit for DES data and keys, and is defined as: + + ttyyppeeddeeff uunnssiiggnneedd cchhaarr ddeess__ccbblloocckk[[88]];; + + and a _d_e_s___k_e_y___s_c_h_e_d_u_l_e_, is defined as: + + ttyyppeeddeeff ssttrruucctt ddeess__kkss__ssttrruucctt {{ddeess__ccbblloocckk __;;}} + ddeess__kkeeyy__sscchheedduullee[[1166]];; + + _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d writes the string specified by _p_r_o_m_p_t to + the standard output, turns off echo (if possible) and + reads an input string from standard input until terminated + with a newline. If _v_e_r_i_f_y is non-zero, it prompts and + reads input again, for use in applications such as chang- + ing a password; both versions are compared, and the input + is requested repeatedly until they match. Then + _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d converts the input string into a valid + DES key, internally using the _d_e_s___s_t_r_i_n_g___t_o___k_e_y routine. + The newly created key is copied to the area pointed to by + the _k_e_y argument. _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d returns a zero if no + errors occurred, or a -1 indicating that an error occurred + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + trying to manipulate the terminal echo. + + + _d_e_s___s_t_r_i_n_g___t_o___k_e_y converts an arbitrary length null- + terminated string to an 8 byte DES key, with odd byte par- + ity, per FIPS specification. A one-way function is used + to convert the string to a key, making it very difficult + to reconstruct the string from the key. The _s_t_r argument + is a pointer to the string, and _k_e_y should point to a + _d_e_s___c_b_l_o_c_k supplied by the caller to receive the generated + key. No meaningful value is returned. Void is not used + for compatibility with other compilers. 
+ + + _d_e_s___r_a_n_d_o_m___k_e_y generates a random DES encryption key + (eight bytes), set to odd parity per FIPS specifications. + This routine uses the current time, process id, and a + counter as a seed for the random number generator. The + caller must supply space for the output key, pointed to + by argument _k_e_y_, then after calling _d_e_s___r_a_n_d_o_m___k_e_y should + call the _d_e_s___s_e_t___k_e_y routine when needed. No meaningful + value is returned. Void is not used for compatibility + with other compilers. + + + _d_e_s___s_e_t___k_e_y calculates a key schedule from all eight bytes + of the input key, pointed to by the _k_e_y argument, and out- + puts the schedule into the _d_e_s___k_e_y___s_c_h_e_d_u_l_e indicated by + the _s_c_h_e_d_u_l_e argument. Make sure to pass a valid eight + byte key; no padding is done. The key schedule may then + be used in subsequent encryption/decryption/checksum oper- + ations. Many key schedules may be cached for later use. + The user is responsible to clear keys and schedules as + soon as no longer needed, to prevent their disclosure. + The routine also checks the key parity, and returns a zero + if the key parity is correct (odd), a -1 indicating a key + parity error, or a -2 indicating use of an illegal weak + key. If an error is returned, the key schedule was not + created. + + + _d_e_s___e_c_b___e_n_c_r_y_p_t is the basic DES encryption routine that + encrypts or decrypts a single 8-byte block in eelleeccttrroonniicc + ccooddee bbooookk mode. It always transforms the input data, + pointed to by _i_n_p_u_t_, into the output data, pointed to by + the _o_u_t_p_u_t argument. 
+ + If the _e_n_c_r_y_p_t argument is non-zero, the _i_n_p_u_t (cleartext) + is encrypted into the _o_u_t_p_u_t (ciphertext) using the + key_schedule specified by the _s_c_h_e_d_u_l_e argument, previ- + ously set via _d_e_s___s_e_t___k_e_y + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + If encrypt is zero, the _i_n_p_u_t (now ciphertext) is + decrypted into the _o_u_t_p_u_t (now cleartext). + + Input and output may overlap. + + No meaningful value is returned. Void is not used for + compatibility with other compilers. + + + _d_e_s___c_b_c___e_n_c_r_y_p_t encrypts/decrypts using the cciipphheerr--bblloocckk-- + cchhaaiinniinngg mmooddee ooff DDEESS.. If the _e_n_c_r_y_p_t argument is non- + zero, the routine cipher-block-chain encrypts the cleart- + ext data pointed to by the _i_n_p_u_t argument into the cipher- + text pointed to by the _o_u_t_p_u_t argument, using the key + schedule provided by the _s_c_h_e_d_u_l_e argument, and initial- + ization vector provided by the _i_v_e_c argument. If the + _l_e_n_g_t_h argument is not an integral multiple of eight + bytes, the last block is copied to a temp and zero filled + (highest addresses). The output is ALWAYS an integral + multiple of eight bytes. + + If _e_n_c_r_y_p_t is zero, the routine cipher-block chain + decrypts the (now) ciphertext data pointed to by the _i_n_p_u_t + argument into (now) cleartext pointed to by the _o_u_t_p_u_t + argument using the key schedule provided by the _s_c_h_e_d_u_l_e + argument, and initialization vector provided by the _i_v_e_c + argument. Decryption ALWAYS operates on integral multiples + of 8 bytes, so it will round the _l_e_n_g_t_h provided up to the + appropriate multiple. Consequently, it will always produce + the rounded-up number of bytes of output cleartext. 
The + application must determine if the output cleartext was + zero-padded due to original cleartext lengths that were + not integral multiples of 8. + + No errors or meaningful values are returned. Void is not + used for compatibility with other compilers. + + A characteristic of cbc mode is that changing a single bit + of the cleartext, then encrypting using cbc mode, affects + ALL the subsequent ciphertext. This makes cryptanalysis + much more difficult. However, modifying a single bit of + the ciphertext, then decrypting, only affects the result- + ing cleartext from the modified block and the succeeding + block. Therefore, _d_e_s___p_c_b_c___e_n_c_r_y_p_t is STRONGLY recom- + mended for applications where indefinite propagation of + errors is required in order to detect modifications. + + + _d_e_s___p_c_b_c___e_n_c_r_y_p_t encrypts/decrypts using a modified block + chaining mode. Its calling sequence is identical to + _d_e_s___c_b_c___e_n_c_r_y_p_t_. It differs in its error propagation + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + characteristics. + + _d_e_s___p_c_b_c___e_n_c_r_y_p_t is highly recommended for most encryption + purposes, in that modification of a single bit of the + ciphertext will affect ALL the subsequent (decrypted) + cleartext. Similarly, modifying a single bit of the clear- + text will affect ALL the subsequent (encrypted) cipher- + text. "PCBC" mode, on encryption, "xors" both the cleart- + ext of block N and the ciphertext resulting from block N + with the cleartext for block N+1 prior to encrypting block + N+1. + + _d_e_s___c_b_c___c_k_s_u_m produces an 8 byte cryptographic checksum by + cipher-block-chain encrypting the cleartext data pointed + to by the _i_n_p_u_t argument. All of the ciphertext output is + discarded, except the last 8-byte ciphertext block, which + is written into the area pointed to by the _o_u_t_p_u_t argu- + ment. 
It uses the key schedule, provided by the _s_c_h_e_d_u_l_e + argument and initialization vector provided by the _i_v_e_c + argument. If the _l_e_n_g_t_h argument is not an integral mul- + tiple of eight bytes, the last cleartext block is copied + to a temp and zero filled (highest addresses). The output + is ALWAYS eight bytes. + + The routine also returns an unsigned long, which is the + last (highest address) half of the 8 byte checksum com- + puted. + + + _q_u_a_d___c_k_s_u_m produces a checksum by chaining quadratic oper- + ations on the cleartext data pointed to by the _i_n_p_u_t argu- + ment. The _l_e_n_g_t_h argument specifies the length of the + input -- only exactly that many bytes are included for the + checksum, without any padding. + + The algorithm may be iterated over the same input data, if + the _o_u_t___c_o_u_n_t argument is 2, 3 or 4, and the optional _o_u_t_- + _p_u_t argument is a non-null pointer . The default is one + iteration, and it will not run more than 4 times. Multiple + iterations run slower, but provide a longer checksum if + desired. The _s_e_e_d argument provides an 8-byte seed for the + first iteration. If multiple iterations are requested, the + results of one iteration are automatically used as the + seed for the next iteration. + + It returns both an unsigned long checksum value, and if + the _o_u_t_p_u_t argument is not a null pointer, up to 16 bytes + of the computed checksum are written into the output. + + + + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + +FFIILLEESS + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + +SSEEEE AALLSSOO +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + This software has not yet been compiled or tested on + machines other than the VAX and the IBM PC. 
+ +AAUUTTHHOORRSS + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986 Massachusetts Institute of Technology + + This software may not be exported outside of the US with- + out a special license from the US Dept of Commerce. It may + be replaced by any secret key block cipher with block + length and key length of 8 bytes, as long as the interface + is the same as described here. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + diff --git a/usr/share/man/cat3/des_crypt.0 b/usr/share/man/cat3/des_crypt.0 new file mode 100644 index 0000000000..7e68897962 --- /dev/null +++ b/usr/share/man/cat3/des_crypt.0 
@@ -0,0 +1,396 @@ + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + +NNAAMMEE + des_read_password, des_string_to_key, des_random_key, + des_set_key, des_ecb_encrypt, des_cbc_encrypt, + des_pcbc_encrypt, des_cbc_cksum, des_quad_cksum, - (new) + DES encryption + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + + iinntt ddeess__rreeaadd__ppaasssswwoorrdd((kkeeyy,,pprroommpptt,,vveerriiffyy)) + des_cblock *key; + char *prompt; + int verify; + + iinntt ddeess__ssttrriinngg__ttoo__kkeeyy((ssttrr,,kkeeyy)) + cchhaarr **ssttrr;; + ddeess__ccbblloocckk kkeeyy;; + + iinntt ddeess__rraannddoomm__kkeeyy((kkeeyy)) + ddeess__ccbblloocckk **kkeeyy;; + + iinntt ddeess__sseett__kkeeyy((kkeeyy,,sscchheedduullee)) + ddeess__ccbblloocckk **kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + + iinntt ddeess__eeccbb__eennccrryypptt((iinnppuutt,,oouuttppuutt,,sscchheedduullee,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + iinntt eennccrryypptt;; + + iinntt ddeess__ccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + iinntt eennccrryypptt;; + + iinntt ddeess__ppccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + iinntt eennccrryypptt;; + + uunnssiiggnneedd lloonngg ddeess__ccbbcc__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + + + +MIT 
Project Athena Kerberos Version 4.0 1 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk **iivveecc;; + + uunnssiiggnneedd lloonngg qquuaadd__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,oouutt__ccoouunntt,,sseeeedd)) + ddeess__ccbblloocckk **iinnppuutt;; + ddeess__ccbblloocckk **oouuttppuutt;; + lloonngg lleennggtthh;; + iinntt oouutt__ccoouunntt;; + ddeess__ccbblloocckk **sseeeedd;; + + +DDEESSCCRRIIPPTTIIOONN + This library supports various DES encryption related oper- + ations. It differs from the _c_r_y_p_t_, _s_e_t_k_e_y_, _a_n_d _e_n_c_r_y_p_t + library routines in that it provides a true DES encryp- + tion, without modifying the algorithm, and executes much + faster. + + For each key that may be simultaneously active, create a + ddeess__kkeeyy__sscchheedduullee struct, defined in "des.h". Next, create + key schedules (from the 8-byte keys) as needed, via + _d_e_s___s_e_t___k_e_y_, prior to using the encryption or checksum + routines. Then setup the input and output areas. Make + sure to note the restrictions on lengths being multiples + of eight bytes. Finally, invoke the encryption/decryption + routines, _d_e_s___e_c_b___e_n_c_r_y_p_t or _d_e_s___c_b_c___e_n_c_r_y_p_t or + _d_e_s___p_c_b_c___e_n_c_r_y_p_t_, or, to generate a cryptographic check- + sum, use _q_u_a_d___c_k_s_u_m (fast) or _d_e_s___c_b_c___c_k_s_u_m (slow). 
+ + A _d_e_s___c_b_l_o_c_k struct is an 8 byte block used as the funda- + mental unit for DES data and keys, and is defined as: + + ttyyppeeddeeff uunnssiiggnneedd cchhaarr ddeess__ccbblloocckk[[88]];; + + and a _d_e_s___k_e_y___s_c_h_e_d_u_l_e_, is defined as: + + ttyyppeeddeeff ssttrruucctt ddeess__kkss__ssttrruucctt {{ddeess__ccbblloocckk __;;}} + ddeess__kkeeyy__sscchheedduullee[[1166]];; + + _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d writes the string specified by _p_r_o_m_p_t to + the standard output, turns off echo (if possible) and + reads an input string from standard input until terminated + with a newline. If _v_e_r_i_f_y is non-zero, it prompts and + reads input again, for use in applications such as chang- + ing a password; both versions are compared, and the input + is requested repeatedly until they match. Then + _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d converts the input string into a valid + DES key, internally using the _d_e_s___s_t_r_i_n_g___t_o___k_e_y routine. + The newly created key is copied to the area pointed to by + the _k_e_y argument. _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d returns a zero if no + errors occurred, or a -1 indicating that an error occurred + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + trying to manipulate the terminal echo. + + + _d_e_s___s_t_r_i_n_g___t_o___k_e_y converts an arbitrary length null- + terminated string to an 8 byte DES key, with odd byte par- + ity, per FIPS specification. A one-way function is used + to convert the string to a key, making it very difficult + to reconstruct the string from the key. The _s_t_r argument + is a pointer to the string, and _k_e_y should point to a + _d_e_s___c_b_l_o_c_k supplied by the caller to receive the generated + key. No meaningful value is returned. Void is not used + for compatibility with other compilers. 
+ + + _d_e_s___r_a_n_d_o_m___k_e_y generates a random DES encryption key + (eight bytes), set to odd parity per FIPS specifications. + This routine uses the current time, process id, and a + counter as a seed for the random number generator. The + caller must supply space for the output key, pointed to + by argument _k_e_y_, then after calling _d_e_s___r_a_n_d_o_m___k_e_y should + call the _d_e_s___s_e_t___k_e_y routine when needed. No meaningful + value is returned. Void is not used for compatibility + with other compilers. + + + _d_e_s___s_e_t___k_e_y calculates a key schedule from all eight bytes + of the input key, pointed to by the _k_e_y argument, and out- + puts the schedule into the _d_e_s___k_e_y___s_c_h_e_d_u_l_e indicated by + the _s_c_h_e_d_u_l_e argument. Make sure to pass a valid eight + byte key; no padding is done. The key schedule may then + be used in subsequent encryption/decryption/checksum oper- + ations. Many key schedules may be cached for later use. + The user is responsible to clear keys and schedules as + soon as no longer needed, to prevent their disclosure. + The routine also checks the key parity, and returns a zero + if the key parity is correct (odd), a -1 indicating a key + parity error, or a -2 indicating use of an illegal weak + key. If an error is returned, the key schedule was not + created. + + + _d_e_s___e_c_b___e_n_c_r_y_p_t is the basic DES encryption routine that + encrypts or decrypts a single 8-byte block in eelleeccttrroonniicc + ccooddee bbooookk mode. It always transforms the input data, + pointed to by _i_n_p_u_t_, into the output data, pointed to by + the _o_u_t_p_u_t argument. 
+ + If the _e_n_c_r_y_p_t argument is non-zero, the _i_n_p_u_t (cleartext) + is encrypted into the _o_u_t_p_u_t (ciphertext) using the + key_schedule specified by the _s_c_h_e_d_u_l_e argument, previ- + ously set via _d_e_s___s_e_t___k_e_y + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + If encrypt is zero, the _i_n_p_u_t (now ciphertext) is + decrypted into the _o_u_t_p_u_t (now cleartext). + + Input and output may overlap. + + No meaningful value is returned. Void is not used for + compatibility with other compilers. + + + _d_e_s___c_b_c___e_n_c_r_y_p_t encrypts/decrypts using the cciipphheerr--bblloocckk-- + cchhaaiinniinngg mmooddee ooff DDEESS.. If the _e_n_c_r_y_p_t argument is non- + zero, the routine cipher-block-chain encrypts the cleart- + ext data pointed to by the _i_n_p_u_t argument into the cipher- + text pointed to by the _o_u_t_p_u_t argument, using the key + schedule provided by the _s_c_h_e_d_u_l_e argument, and initial- + ization vector provided by the _i_v_e_c argument. If the + _l_e_n_g_t_h argument is not an integral multiple of eight + bytes, the last block is copied to a temp and zero filled + (highest addresses). The output is ALWAYS an integral + multiple of eight bytes. + + If _e_n_c_r_y_p_t is zero, the routine cipher-block chain + decrypts the (now) ciphertext data pointed to by the _i_n_p_u_t + argument into (now) cleartext pointed to by the _o_u_t_p_u_t + argument using the key schedule provided by the _s_c_h_e_d_u_l_e + argument, and initialization vector provided by the _i_v_e_c + argument. Decryption ALWAYS operates on integral multiples + of 8 bytes, so it will round the _l_e_n_g_t_h provided up to the + appropriate multiple. Consequently, it will always produce + the rounded-up number of bytes of output cleartext. 
The + application must determine if the output cleartext was + zero-padded due to original cleartext lengths that were + not integral multiples of 8. + + No errors or meaningful values are returned. Void is not + used for compatibility with other compilers. + + A characteristic of cbc mode is that changing a single bit + of the cleartext, then encrypting using cbc mode, affects + ALL the subsequent ciphertext. This makes cryptanalysis + much more difficult. However, modifying a single bit of + the ciphertext, then decrypting, only affects the result- + ing cleartext from the modified block and the succeeding + block. Therefore, _d_e_s___p_c_b_c___e_n_c_r_y_p_t is STRONGLY recom- + mended for applications where indefinite propagation of + errors is required in order to detect modifications. + + + _d_e_s___p_c_b_c___e_n_c_r_y_p_t encrypts/decrypts using a modified block + chaining mode. Its calling sequence is identical to + _d_e_s___c_b_c___e_n_c_r_y_p_t_. It differs in its error propagation + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + + characteristics. + + _d_e_s___p_c_b_c___e_n_c_r_y_p_t is highly recommended for most encryption + purposes, in that modification of a single bit of the + ciphertext will affect ALL the subsequent (decrypted) + cleartext. Similarly, modifying a single bit of the clear- + text will affect ALL the subsequent (encrypted) cipher- + text. "PCBC" mode, on encryption, "xors" both the cleart- + ext of block N and the ciphertext resulting from block N + with the cleartext for block N+1 prior to encrypting block + N+1. + + _d_e_s___c_b_c___c_k_s_u_m produces an 8 byte cryptographic checksum by + cipher-block-chain encrypting the cleartext data pointed + to by the _i_n_p_u_t argument. All of the ciphertext output is + discarded, except the last 8-byte ciphertext block, which + is written into the area pointed to by the _o_u_t_p_u_t argu- + ment. 
It uses the key schedule, provided by the _s_c_h_e_d_u_l_e + argument and initialization vector provided by the _i_v_e_c + argument. If the _l_e_n_g_t_h argument is not an integral mul- + tiple of eight bytes, the last cleartext block is copied + to a temp and zero filled (highest addresses). The output + is ALWAYS eight bytes. + + The routine also returns an unsigned long, which is the + last (highest address) half of the 8 byte checksum com- + puted. + + + _q_u_a_d___c_k_s_u_m produces a checksum by chaining quadratic oper- + ations on the cleartext data pointed to by the _i_n_p_u_t argu- + ment. The _l_e_n_g_t_h argument specifies the length of the + input -- only exactly that many bytes are included for the + checksum, without any padding. + + The algorithm may be iterated over the same input data, if + the _o_u_t___c_o_u_n_t argument is 2, 3 or 4, and the optional _o_u_t_- + _p_u_t argument is a non-null pointer . The default is one + iteration, and it will not run more than 4 times. Multiple + iterations run slower, but provide a longer checksum if + desired. The _s_e_e_d argument provides an 8-byte seed for the + first iteration. If multiple iterations are requested, the + results of one iteration are automatically used as the + seed for the next iteration. + + It returns both an unsigned long checksum value, and if + the _o_u_t_p_u_t argument is not a null pointer, up to 16 bytes + of the computed checksum are written into the output. + + + + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +DES_CRYPT(3) BSD Programmer's Manual DES_CRYPT(3) + + +FFIILLEESS + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + +SSEEEE AALLSSOO +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + This software has not yet been compiled or tested on + machines other than the VAX and the IBM PC. 
+ +AAUUTTHHOORRSS + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986 Massachusetts Institute of Technology + + This software may not be exported outside of the US with- + out a special license from the US Dept of Commerce. It may + be replaced by any secret key block cipher with block + length and key length of 8 bytes, as long as the interface + is the same as described here. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + diff --git a/usr/share/man/cat3/kerberos.0 b/usr/share/man/cat3/kerberos.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/kerberos.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb.0 b/usr/share/man/cat3/krb.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_ck_repl.0 b/usr/share/man/cat3/krb_ck_repl.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_ck_repl.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_get_cred.0 b/usr/share/man/cat3/krb_get_cred.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_get_cred.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_kntoln.0 b/usr/share/man/cat3/krb_kntoln.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_kntoln.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_mk_err.0 b/usr/share/man/cat3/krb_mk_err.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_mk_err.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_mk_priv.0 b/usr/share/man/cat3/krb_mk_priv.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_mk_priv.0 
@@ -0,0 +1,462 @@
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+NNAAMMEE
+ krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key,
+ krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe,
+ krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker-
+ beros authentication library
+
+SSYYNNOOPPSSIISS
+ ##iinncclluuddee <>
+ ##iinncclluuddee <>
+
+ eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];;
+
+ iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm))
+ KKTTEEXXTT aauutthheenntt;;
+ cchhaarr **sseerrvviiccee;;
+ cchhaarr **iinnssttaannccee;;
+ cchhaarr **rreeaallmm;;
+ uu__lloonngg cchheecckkssuumm;;
+
+ iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn))
+ KKTTEEXXTT aauutthheenntt;;
+ cchhaarr **sseerrvviiccee;;
+ cchhaarr **iinnssttaannccee;;
+ uu__lloonngg ffrroomm__aaddddrr;;
+ AAUUTTHH__DDAATT **aadd;;
+ cchhaarr **ffnn;;
+
+ iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee))
+ AAUUTTHH__DDAATT **aadd;;
+ cchhaarr **llnnaammee;;
+
+ iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt))
+ cchhaarr **kkeeyy;;
+ iinntt ccvvtt;;
+
+ iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc))
+ cchhaarr **sseerrvviiccee;;
+ cchhaarr **iinnssttaannccee;;
+ cchhaarr **rreeaallmm;;
+ CCRREEDDEENNTTIIAALLSS **cc;;
+
+ lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr))
+ uu__cchhaarr **iinn;;
+ uu__cchhaarr **oouutt;;
+ uu__lloonngg iinn__lleennggtthh;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ddeess__kkeeyy__sscchheedduullee sscchheedduullee;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+
+ lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa))
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ uu__cchhaarr **iinn;;
+ uu__lloonngg iinn__lleennggtthh;;
+ KKeeyy__sscchheedduullee sscchheedduullee;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+ MMSSGG__DDAATT **mmssgg__ddaattaa;;
+
+ lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr))
+ uu__cchhaarr **iinn;;
+ uu__cchhaarr **oouutt;;
+ uu__lloonngg iinn__lleennggtthh;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+
+ lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa))
+ uu__cchhaarr **iinn;;
+ uu__lloonngg lleennggtthh;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+ MMSSGG__DDAATT **mmssgg__ddaattaa;;
+
+ lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg))
+ uu__cchhaarr **oouutt;;
+ lloonngg ccooddee;;
+ cchhaarr **ssttrriinngg;;
+
+ lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa))
+ uu__cchhaarr **iinn;;
+ uu__lloonngg lleennggtthh;;
+ lloonngg ccooddee;;
+ MMSSGG__DDAATT **mmssgg__ddaattaa;;
+
+DDEESSCCRRIIPPTTIIOONN
+ This library supports network authentication and various
+ related operations. The library contains many routines
+ beyond those described in this man page, but they are not
+ intended to be used directly. Instead, they are called by
+ the routines that are described, the authentication server
+ and the login program.
+
+ _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various
+ Kerberos error codes returned by some of the routines
+ below.
+
+ _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an
+ authenticator is to be built.
It also takes the name,
+ instance, and realm of the service to be used and an
+ optional checksum. It is up to the application to decide
+
+
+
+MIT Project Athena Kerberos Version 4.0 2
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a
+ ticket for the desired service and creates an authentica-
+ tor. The authenticator is built in _a_u_t_h_e_n_t and is acces-
+ sible to the calling procedure.
+
+ It is up to the application to get the authenticator to
+ the service where it will be read by _k_r_b___r_d___r_e_q_. Unless
+ an attacker possesses the session key contained in the
+ ticket, it will be unable to modify the authenticator.
+ Thus, the checksum can be used to verify the authenticity
+ of the other data that will pass through a connection.
+
+ _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service
+ name, an instance, the address of the host originating the
+ request, and a pointer to a structure of type AAUUTTHH__DDAATT
+ which is filled in with information obtained from the
+ authenticator. It also optionally takes the name of the
+ file in which it will find the secret key(s) for the ser-
+ vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the
+ first service key with the same service name found in the
+ service key file will be used, and the _i_n_s_t_a_n_c_e argument
+ will be filled in with the chosen instance. This means
+ that the caller must provide space for such an instance
+ name.
+
+ It is used to find out information about the principal
+ when a request has been made to a service. It is up to
+ the application protocol to get the authenticator from the
+ client to the service. The authenticator is then passed
+ to _k_r_b___r_d___r_e_q to extract the desired information.
+
+ _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen-
+ tication. If a packet was forged, modified, or replayed,
+ authentication will fail.
If the authentication fails, a
+ non-zero value is returned indicating the particular prob-
+ lem encountered. See _k_r_b_._h for the list of error codes.
+
+ If the last argument is the null string (""), krb_rd_req
+ will use the file /etc/srvtab to find its keys. If the
+ last argument is NULL, it will assume that the key has
+ been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur-
+ ther.
+
+ _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It
+ takes a structure of type AUTH_DAT and uses the name and
+ instance to look in the database /etc/aname to find the
+ corresponding local name. The local name is returned and
+ can be used by an application to change uids, directories,
+ or other parameters. It is not an integral part of Ker-
+ beros, but is instead provided to support the use of Ker-
+ beros in existing utilities.
+
+
+
+MIT Project Athena Kerberos Version 4.0 3
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre-
+ ates a key schedule from it and saves the original key to
+ be used as an initialization vector. It is used to set
+ the server's key which must be used to decrypt tickets.
+
+ If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y
+ will first convert the input from a string of arbitrary
+ length to a DES key by encrypting it with a one-way func-
+ tion.
+
+ In most cases it should not be necessary to call
+ _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained
+ and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for
+ those applications that do not wish to place the applica-
+ tion keys on disk.
+
+ _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a
+ ticket for the given service, instance, and realm; and, if
+ a ticket is found, fills in the given CREDENTIALS struc-
+ ture with the ticket information.
+
+ If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If
+ the ticket file can't be found, can't be read, doesn't
+ belong to the user (other than root), isn't a regular
+ file, or is in the wrong mode, the error GC_TKFIL is
+ returned.
+
+ _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message
+ from any arbitrary application data, pointed to by _i_n and
+ _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to
+ by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt
+ the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_.
+ _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the
+ two parties. In addition to providing privacy, this pro-
+ tocol message protects against modifications, insertions
+ or replays. The encapsulated message and header are
+ placed in the area pointed to by _o_u_t and the routine
+ returns the length of the output, or -1 indicating an
+ error.
+
+ _k_r_b___r_d___p_r_i_v decrypts and authenticates a received
+ _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the
+ received message, whose length is specified in _i_n___l_e_n_g_t_h_.
+ The private session key, pointed to by _k_e_y_, and the key
+ schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the
+ received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T
+ struct, defined in _k_r_b_._h_. The routine fills in the
+ _a_p_p___d_a_t_a field with a pointer to the decrypted application
+ data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field,
+ _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message,
+ and _s_w_a_p with a 1 if the byte order of the receiver is
+
+
+
+MIT Project Athena Kerberos Version 4.0 4
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ different than that of the sender.
(The application must
+ still determine if it is appropriate to byte-swap applica-
+ tion data; the Kerberos protocol fields are already taken
+ care of). The _h_a_s_h field returns a value useful as input
+ to the _k_r_b___c_k___r_e_p_l routine.
+
+ The routine returns zero if ok, or a Kerberos error code.
+ Modified messages and old messages cause errors, but it is
+ up to the caller to check the time sequence of messages,
+ and to check against recently replayed messages using
+ _k_r_b___c_k___r_e_p_l if so desired.
+
+ _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes-
+ sage from any arbitrary application data, pointed to by _i_n
+ and _i_n___l_e_n_g_t_h bytes long. The private session key,
+ pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check-
+ sum algorithm used as part of the authentication. _s_e_n_d_e_r
+ and _r_e_c_e_i_v_e_r point to the Internet address of the two par-
+ ties. This message does not provide privacy, but does
+ protect (via detection) against modifications, insertions
+ or replays. The encapsulated message and header are
+ placed in the area pointed to by _o_u_t and the routine
+ returns the length of the output, or -1 indicating an
+ error. The authentication provided by this routine is not
+ as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing
+ the checksum using _c_b_c___c_k_s_u_m instead, both of which
+ authenticate via DES.
+
+
+ _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message.
+ _i_n points to the beginning of the received message, whose
+ length is specified in _i_n___l_e_n_g_t_h_. The private session
+ key, pointed to by _k_e_y_, is used to seed the quad_cksum()
+ routine as part of the authentication. _m_s_g___d_a_t_a is a
+ pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _.
The rou-
+ tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field
+ with a pointer to the application data, _a_p_p___l_e_n_g_t_h with
+ the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s
+ with the timestamps in the message, and _s_w_a_p with a 1 if
+ the byte order of the receiver is different than that of
+ the sender. (The application must still determine if it
+ is appropriate to byte-swap application data; the Kerberos
+ protocol fields are already taken care of). The _h_a_s_h
+ field returns a value useful as input to the _k_r_b___c_k___r_e_p_l
+ routine.
+
+ The routine returns zero if ok, or a Kerberos error code.
+ Modified messages and old messages cause errors, but it is
+ up to the caller to check the time sequence of messages,
+ and to check against recently replayed messages using
+ _k_r_b___c_k___r_e_p_l if so desired.
+
+
+
+MIT Project Athena Kerberos Version 4.0 5
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ _k_r_b___m_k___e_r_r constructs an application level error message
+ that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_.
+ _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica-
+ tion specific error code, and _s_t_r_i_n_g is an application
+ specific error string.
+
+
+ _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n
+ points to the beginning of the received message, whose
+ length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a
+ value to be filled in with the error value provided by the
+ application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct,
+ defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T
+ fields: the _a_p_p___d_a_t_a field with a pointer to the applica-
+ tion error text, _a_p_p___l_e_n_g_t_h with the length of the
+ _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the
+ receiver is different than that of the sender.
(The
+ application must still determine if it is appropriate to
+ byte-swap application data; the Kerberos protocol fields
+ are already taken care of).
+
+ The routine returns zero if the error message has been
+ successfully received, or a Kerberos error code.
+
+ The _K_T_E_X_T structure is used to pass around text of varying
+ lengths. It consists of a buffer for the data, and a
+ length. krb_rd_req takes an argument of this type con-
+ taining the authenticator, and krb_mk_req returns the
+ authenticator in a structure of this type. KTEXT itself
+ is really a pointer to the structure. The actual struc-
+ ture is of type KTEXT_ST.
+
+ The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It
+ must be allocated before calling krb_rd_req, and a pointer
+ to it is passed. The structure is filled in with data
+ obtained from Kerberos. _M_S_G___D_A_T structure is filled in by
+ either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must
+ be allocated before the call and a pointer to it is
+ passed. The structure is filled in with data obtained
+ from Kerberos.
+
+
+FFIILLEESS
+ /usr/include/kerberosIV/krb.h
+ /usr/lib/libkrb.a
+ /usr/include/kerberosIV/des.h
+ /usr/lib/libdes.a
+ /etc/kerberosIV/aname
+ /etc/kerberosIV/srvtab
+ /tmp/tkt[uid]
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 6
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+SSEEEE AALLSSOO
+ kerberos(1), des_crypt(3)
+
+DDIIAAGGNNOOSSTTIICCSS
+BBUUGGSS
+ The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e
+ must check time order and for replay attempts.
+ _k_r_b___c_k___r_e_p_l is not implemented yet.
+
+AAUUTTHHOORRSS
+ Clifford Neuman, MIT Project Athena
+ Steve Miller, MIT Project Athena/Digital Equipment Corpo-
+ ration
+
+RREESSTTRRIICCTTIIOONNSS
+ COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech-
+ nology
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 7
+
+
+
+
+
diff --git a/usr/share/man/cat3/krb_mk_req.0 b/usr/share/man/cat3/krb_mk_req.0
new file mode 100644
index 0000000000..ac1157fbda
--- /dev/null
+++ b/usr/share/man/cat3/krb_mk_req.0
@@ -0,0 +1,462 @@
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+NNAAMMEE
+ krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key,
+ krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe,
+ krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker-
+ beros authentication library
+
+SSYYNNOOPPSSIISS
+ ##iinncclluuddee <>
+ ##iinncclluuddee <>
+
+ eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];;
+
+ iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm))
+ KKTTEEXXTT aauutthheenntt;;
+ cchhaarr **sseerrvviiccee;;
+ cchhaarr **iinnssttaannccee;;
+ cchhaarr **rreeaallmm;;
+ uu__lloonngg cchheecckkssuumm;;
+
+ iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn))
+ KKTTEEXXTT aauutthheenntt;;
+ cchhaarr **sseerrvviiccee;;
+ cchhaarr **iinnssttaannccee;;
+ uu__lloonngg ffrroomm__aaddddrr;;
+ AAUUTTHH__DDAATT **aadd;;
+ cchhaarr **ffnn;;
+
+ iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee))
+ AAUUTTHH__DDAATT **aadd;;
+ cchhaarr **llnnaammee;;
+
+ iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt))
+ cchhaarr **kkeeyy;;
+ iinntt ccvvtt;;
+
+ iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc))
+ cchhaarr **sseerrvviiccee;;
+ cchhaarr **iinnssttaannccee;;
+ cchhaarr **rreeaallmm;;
+ CCRREEDDEENNTTIIAALLSS **cc;;
+
+ lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr))
+ uu__cchhaarr **iinn;;
+ uu__cchhaarr **oouutt;;
+ uu__lloonngg iinn__lleennggtthh;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ddeess__kkeeyy__sscchheedduullee sscchheedduullee;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+
+ lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa))
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ uu__cchhaarr **iinn;;
+ uu__lloonngg iinn__lleennggtthh;;
+ KKeeyy__sscchheedduullee sscchheedduullee;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+ MMSSGG__DDAATT **mmssgg__ddaattaa;;
+
+ lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr))
+ uu__cchhaarr **iinn;;
+ uu__cchhaarr **oouutt;;
+ uu__lloonngg iinn__lleennggtthh;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+
+ lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa))
+ uu__cchhaarr **iinn;;
+ uu__lloonngg lleennggtthh;;
+ ddeess__ccbblloocckk kkeeyy;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;;
+ MMSSGG__DDAATT **mmssgg__ddaattaa;;
+
+ lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg))
+ uu__cchhaarr **oouutt;;
+ lloonngg ccooddee;;
+ cchhaarr **ssttrriinngg;;
+
+ lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa))
+ uu__cchhaarr **iinn;;
+ uu__lloonngg lleennggtthh;;
+ lloonngg ccooddee;;
+ MMSSGG__DDAATT **mmssgg__ddaattaa;;
+
+DDEESSCCRRIIPPTTIIOONN
+ This library supports network authentication and various
+ related operations. The library contains many routines
+ beyond those described in this man page, but they are not
+ intended to be used directly. Instead, they are called by
+ the routines that are described, the authentication server
+ and the login program.
+
+ _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various
+ Kerberos error codes returned by some of the routines
+ below.
+
+ _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an
+ authenticator is to be built.
It also takes the name,
+ instance, and realm of the service to be used and an
+ optional checksum. It is up to the application to decide
+
+
+
+MIT Project Athena Kerberos Version 4.0 2
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a
+ ticket for the desired service and creates an authentica-
+ tor. The authenticator is built in _a_u_t_h_e_n_t and is acces-
+ sible to the calling procedure.
+
+ It is up to the application to get the authenticator to
+ the service where it will be read by _k_r_b___r_d___r_e_q_. Unless
+ an attacker possesses the session key contained in the
+ ticket, it will be unable to modify the authenticator.
+ Thus, the checksum can be used to verify the authenticity
+ of the other data that will pass through a connection.
+
+ _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service
+ name, an instance, the address of the host originating the
+ request, and a pointer to a structure of type AAUUTTHH__DDAATT
+ which is filled in with information obtained from the
+ authenticator. It also optionally takes the name of the
+ file in which it will find the secret key(s) for the ser-
+ vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the
+ first service key with the same service name found in the
+ service key file will be used, and the _i_n_s_t_a_n_c_e argument
+ will be filled in with the chosen instance. This means
+ that the caller must provide space for such an instance
+ name.
+
+ It is used to find out information about the principal
+ when a request has been made to a service. It is up to
+ the application protocol to get the authenticator from the
+ client to the service. The authenticator is then passed
+ to _k_r_b___r_d___r_e_q to extract the desired information.
+
+ _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen-
+ tication. If a packet was forged, modified, or replayed,
+ authentication will fail.
If the authentication fails, a
+ non-zero value is returned indicating the particular prob-
+ lem encountered. See _k_r_b_._h for the list of error codes.
+
+ If the last argument is the null string (""), krb_rd_req
+ will use the file /etc/srvtab to find its keys. If the
+ last argument is NULL, it will assume that the key has
+ been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur-
+ ther.
+
+ _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It
+ takes a structure of type AUTH_DAT and uses the name and
+ instance to look in the database /etc/aname to find the
+ corresponding local name. The local name is returned and
+ can be used by an application to change uids, directories,
+ or other parameters. It is not an integral part of Ker-
+ beros, but is instead provided to support the use of Ker-
+ beros in existing utilities.
+
+
+
+MIT Project Athena Kerberos Version 4.0 3
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre-
+ ates a key schedule from it and saves the original key to
+ be used as an initialization vector. It is used to set
+ the server's key which must be used to decrypt tickets.
+
+ If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y
+ will first convert the input from a string of arbitrary
+ length to a DES key by encrypting it with a one-way func-
+ tion.
+
+ In most cases it should not be necessary to call
+ _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained
+ and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for
+ those applications that do not wish to place the applica-
+ tion keys on disk.
+
+ _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a
+ ticket for the given service, instance, and realm; and, if
+ a ticket is found, fills in the given CREDENTIALS struc-
+ ture with the ticket information.
+
+ If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If
+ the ticket file can't be found, can't be read, doesn't
+ belong to the user (other than root), isn't a regular
+ file, or is in the wrong mode, the error GC_TKFIL is
+ returned.
+
+ _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message
+ from any arbitrary application data, pointed to by _i_n and
+ _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to
+ by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt
+ the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_.
+ _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the
+ two parties. In addition to providing privacy, this pro-
+ tocol message protects against modifications, insertions
+ or replays. The encapsulated message and header are
+ placed in the area pointed to by _o_u_t and the routine
+ returns the length of the output, or -1 indicating an
+ error.
+
+ _k_r_b___r_d___p_r_i_v decrypts and authenticates a received
+ _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the
+ received message, whose length is specified in _i_n___l_e_n_g_t_h_.
+ The private session key, pointed to by _k_e_y_, and the key
+ schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the
+ received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T
+ struct, defined in _k_r_b_._h_. The routine fills in the
+ _a_p_p___d_a_t_a field with a pointer to the decrypted application
+ data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field,
+ _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message,
+ and _s_w_a_p with a 1 if the byte order of the receiver is
+
+
+
+MIT Project Athena Kerberos Version 4.0 4
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ different than that of the sender.
(The application must
+ still determine if it is appropriate to byte-swap applica-
+ tion data; the Kerberos protocol fields are already taken
+ care of). The _h_a_s_h field returns a value useful as input
+ to the _k_r_b___c_k___r_e_p_l routine.
+
+ The routine returns zero if ok, or a Kerberos error code.
+ Modified messages and old messages cause errors, but it is
+ up to the caller to check the time sequence of messages,
+ and to check against recently replayed messages using
+ _k_r_b___c_k___r_e_p_l if so desired.
+
+ _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes-
+ sage from any arbitrary application data, pointed to by _i_n
+ and _i_n___l_e_n_g_t_h bytes long. The private session key,
+ pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check-
+ sum algorithm used as part of the authentication. _s_e_n_d_e_r
+ and _r_e_c_e_i_v_e_r point to the Internet address of the two par-
+ ties. This message does not provide privacy, but does
+ protect (via detection) against modifications, insertions
+ or replays. The encapsulated message and header are
+ placed in the area pointed to by _o_u_t and the routine
+ returns the length of the output, or -1 indicating an
+ error. The authentication provided by this routine is not
+ as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing
+ the checksum using _c_b_c___c_k_s_u_m instead, both of which
+ authenticate via DES.
+
+
+ _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message.
+ _i_n points to the beginning of the received message, whose
+ length is specified in _i_n___l_e_n_g_t_h_. The private session
+ key, pointed to by _k_e_y_, is used to seed the quad_cksum()
+ routine as part of the authentication. _m_s_g___d_a_t_a is a
+ pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _.
The rou-
+ tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field
+ with a pointer to the application data, _a_p_p___l_e_n_g_t_h with
+ the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s
+ with the timestamps in the message, and _s_w_a_p with a 1 if
+ the byte order of the receiver is different than that of
+ the sender. (The application must still determine if it
+ is appropriate to byte-swap application data; the Kerberos
+ protocol fields are already taken care of). The _h_a_s_h
+ field returns a value useful as input to the _k_r_b___c_k___r_e_p_l
+ routine.
+
+ The routine returns zero if ok, or a Kerberos error code.
+ Modified messages and old messages cause errors, but it is
+ up to the caller to check the time sequence of messages,
+ and to check against recently replayed messages using
+ _k_r_b___c_k___r_e_p_l if so desired.
+
+
+
+MIT Project Athena Kerberos Version 4.0 5
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+ _k_r_b___m_k___e_r_r constructs an application level error message
+ that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_.
+ _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica-
+ tion specific error code, and _s_t_r_i_n_g is an application
+ specific error string.
+
+
+ _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n
+ points to the beginning of the received message, whose
+ length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a
+ value to be filled in with the error value provided by the
+ application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct,
+ defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T
+ fields: the _a_p_p___d_a_t_a field with a pointer to the applica-
+ tion error text, _a_p_p___l_e_n_g_t_h with the length of the
+ _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the
+ receiver is different than that of the sender.
(The
+ application must still determine if it is appropriate to
+ byte-swap application data; the Kerberos protocol fields
+ are already taken care of).
+
+ The routine returns zero if the error message has been
+ successfully received, or a Kerberos error code.
+
+ The _K_T_E_X_T structure is used to pass around text of varying
+ lengths. It consists of a buffer for the data, and a
+ length. krb_rd_req takes an argument of this type con-
+ taining the authenticator, and krb_mk_req returns the
+ authenticator in a structure of this type. KTEXT itself
+ is really a pointer to the structure. The actual struc-
+ ture is of type KTEXT_ST.
+
+ The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It
+ must be allocated before calling krb_rd_req, and a pointer
+ to it is passed. The structure is filled in with data
+ obtained from Kerberos. _M_S_G___D_A_T structure is filled in by
+ either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must
+ be allocated before the call and a pointer to it is
+ passed. The structure is filled in with data obtained
+ from Kerberos.
+
+
+FFIILLEESS
+ /usr/include/kerberosIV/krb.h
+ /usr/lib/libkrb.a
+ /usr/include/kerberosIV/des.h
+ /usr/lib/libdes.a
+ /etc/kerberosIV/aname
+ /etc/kerberosIV/srvtab
+ /tmp/tkt[uid]
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 6
+
+
+
+
+
+
+
+
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3)
+
+
+SSEEEE AALLSSOO
+ kerberos(1), des_crypt(3)
+
+DDIIAAGGNNOOSSTTIICCSS
+BBUUGGSS
+ The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e
+ must check time order and for replay attempts.
+ _k_r_b___c_k___r_e_p_l is not implemented yet.
+
+AAUUTTHHOORRSS
+ Clifford Neuman, MIT Project Athena
+ Steve Miller, MIT Project Athena/Digital Equipment Corpo-
+ ration
+
+RREESSTTRRIICCTTIIOONNSS
+ COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech-
+ nology
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 7
+
+
+
+
+
diff --git a/usr/share/man/cat3/krb_mk_safe.0 b/usr/share/man/cat3/krb_mk_safe.0
new file mode 100644
index 0000000000..ac1157fbda
--- /dev/null
+++ b/usr/share/man/cat3/krb_mk_safe.0
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_rd_err.0 b/usr/share/man/cat3/krb_rd_err.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_rd_err.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_rd_req.0 b/usr/share/man/cat3/krb_rd_req.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_rd_req.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_rd_safe.0 b/usr/share/man/cat3/krb_rd_safe.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_rd_safe.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_realmofhost.0 b/usr/share/man/cat3/krb_realmofhost.0 new file mode 100644 index 0000000000..901419e5e6 --- /dev/null +++ b/usr/share/man/cat3/krb_realmofhost.0 
@@ -0,0 +1,198 @@ + + + +KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3) + + +NNAAMMEE + krb_realmofhost, krb_get_phost, krb_get_krbhst, + krb_get_admhst, krb_get_lrealm - additional Kerberos util- + ity routines + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + ##iinncclluuddee <> + + cchhaarr **kkrrbb__rreeaallmmooffhhoosstt((hhoosstt)) + cchhaarr **hhoosstt;; + + cchhaarr **kkrrbb__ggeett__pphhoosstt((aalliiaass)) + cchhaarr **aalliiaass;; + + kkrrbb__ggeett__kkrrbbhhsstt((hhoosstt,,rreeaallmm,,nn)) + cchhaarr **hhoosstt;; + cchhaarr **rreeaallmm;; + iinntt nn;; + + kkrrbb__ggeett__aaddmmhhsstt((hhoosstt,,rreeaallmm,,nn)) + cchhaarr **hhoosstt;; + cchhaarr **rreeaallmm;; + iinntt nn;; + + kkrrbb__ggeett__llrreeaallmm((rreeaallmm,,nn)) + cchhaarr **rreeaallmm;; + iinntt nn;; + +DDEESSCCRRIIPPTTIIOONN + _k_r_b___r_e_a_l_m_o_f_h_o_s_t returns the Kerberos realm of the host + _h_o_s_t, as determined by the translation table + _/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_k_r_b_._r_e_a_l_m_s. _h_o_s_t should be the fully- + qualified domain-style primary host name of the host in + question. In order to prevent certain security attacks, + this routine must either have _a _p_r_i_o_r_i knowledge of a + host's realm, or obtain such information securely. + + The format of the translation file is described by + _k_r_b_._r_e_a_l_m_s(5). If _h_o_s_t exactly matches a host_name line, + the corresponding realm is returned. Otherwise, if the + domain portion of _h_o_s_t matches a domain_name line, the + corresponding realm is returned. If _h_o_s_t contains a + domain, but no translation is found, _h_o_s_t's domain is con- + verted to upper-case and returned. If _h_o_s_t contains no + discernible domain, or an error occurs, the local realm + name, as supplied by _k_r_b___g_e_t___l_r_e_a_l_m(3), is returned. 
+ + _k_r_b___g_e_t___p_h_o_s_t converts the hostname _a_l_i_a_s (which can be + either an official name or an alias) into the instance + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + +KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3) + + + name to be used in obtaining Kerberos tickets for most + services, including the Berkeley rcmd suite (rlogin, rcp, + rsh). + The current convention is to return the first segment of + the official domain-style name after conversion to lower + case. + + _k_r_b___g_e_t___k_r_b_h_s_t fills in _h_o_s_t with the hostname of the _nth + host running a Kerberos key distribution center (KDC) for + realm _r_e_a_l_m, as specified in the configuration file + (_/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_k_r_b_._c_o_n_f). The configuration file is + described by _k_r_b_._c_o_n_f(5). If the host is successfully + filled in, the routine returns KSUCCESS. If the file can- + not be opened, and _n equals 1, then the value of KRB_HOST + as defined in _<_k_r_b_._h_> is filled in, and KSUCCESS is + returned. If there are fewer than _n hosts running a Ker- + beros KDC for the requested realm, or the configuration + file is malformed, the routine returns KFAILURE. + + _k_r_b___g_e_t___a_d_m_h_s_t fills in _h_o_s_t with the hostname of the _nth + host running a Kerberos KDC database administration server + for realm _r_e_a_l_m, as specified in the configuration file + (_/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_k_r_b_._c_o_n_f). If the file cannot be opened + or is malformed, or there are fewer than _n hosts running a + Kerberos KDC database administration server, the routine + returns KFAILURE. + + The character arrays used as return values for + _k_r_b___g_e_t___k_r_b_h_s_t, _k_r_b___g_e_t___a_d_m_h_s_t, should be large enough to + hold any hostname (MAXHOSTNAMELEN from ). + + _k_r_b___g_e_t___l_r_e_a_l_m fills in _r_e_a_l_m with the _nth realm of the + local host, as specified in the configuration file. 
_r_e_a_l_m + should be at least REALM_SZ (from _<_k_r_b_._h_>_)characters_l_o_n_g_. + + +SSEEEE AALLSSOO + kerberos(3), krb.conf(5), krb.realms(5) + +FFIILLEESS + /etc/kerberosIV/krb.realms + translation file for host-to-realm + mapping. + + /etc/kerberosIV/krb.conf + local realm-name and realm/server con- + figuration file. + +BBUUGGSS + The current convention for instance names is too limited; + the full domain name should be used. + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3) + + + _k_r_b___g_e_t___l_r_e_a_l_m currently only supports _n = 1. It should + really consult the user's ticket cache to determine the + user's current realm, rather than consulting a file on the + host. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + diff --git a/usr/share/man/cat3/krb_sendauth.0 b/usr/share/man/cat3/krb_sendauth.0 new file mode 100644 index 0000000000..881666b67e --- /dev/null +++ b/usr/share/man/cat3/krb_sendauth.0 
@@ -0,0 +1,264 @@ + + + +KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3) + + +NNAAMMEE + krb_sendauth, krb_recvauth, krb_net_write, krb_net_read - + Kerberos routines for sending authentication via network + stream sockets + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + ##iinncclluuddee <> + + + iinntt kkrrbb__sseennddaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, rreeaallmm,, + cchheecckkssuumm,, mmssgg__ddaattaa,, ccrreedd,, sscchheedduullee,, llaaddddrr,, + ffaaddddrr,, vveerrssiioonn)) + lloonngg ooppttiioonnss;; + iinntt ffdd;; + KKTTEEXXTT kktteexxtt;; + cchhaarr **sseerrvviiccee,, **iinnsstt,, **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + CCRREEDDEENNTTIIAALLSS **ccrreedd;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **llaaddddrr,, **ffaaddddrr;; + cchhaarr **vveerrssiioonn;; + + + iinntt kkrrbb__rreeccvvaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, ffaaddddrr,, + llaaddddrr,, aauutthh__ddaattaa,, ffiilleennaammee,, sscchheedduullee,, vveerrssiioonn)) + lloonngg ooppttiioonnss;; + iinntt ffdd;; + KKTTEEXXTT kktteexxtt;; + cchhaarr **sseerrvviiccee,, **iinnsstt;; + ssttrruucctt ssoocckkaaddddrr__iinn **ffaaddddrr,, **llaaddddrr;; + AAUUTTHH__DDAATT **aauutthh__ddaattaa;; + cchhaarr **ffiilleennaammee;; + KKeeyy__sscchheedduullee sscchheedduullee;; + cchhaarr **vveerrssiioonn;; + + iinntt kkrrbb__nneett__wwrriittee((ffdd,, bbuuff,, lleenn)) + iinntt ffdd;; + cchhaarr **bbuuff;; + iinntt lleenn;; + + iinntt kkrrbb__nneett__rreeaadd((ffdd,, bbuuff,, lleenn)) + iinntt ffdd;; + cchhaarr **bbuuff;; + iinntt lleenn;; + +DDEESSCCRRIIPPTTIIOONN + These functions, which are built on top of the core Ker- + beros library, provide a convenient means for client and + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + +KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3) + + + server programs to 
send authentication messages to one + another through network connections. The _k_r_b___s_e_n_d_a_u_t_h + function sends an authenticated ticket from the client + program to the server program by writing the ticket to a + network socket. The _k_r_b___r_e_c_v_a_u_t_h function receives the + ticket from the client by reading from a network socket. + + +KKRRBB__SSEENNDDAAUUTTHH + This function writes the ticket to the network socket + specified by the file descriptor _f_d_, returning KSUCCESS if + the write proceeds successfully, and an error code if it + does not. + + The _k_t_e_x_t argument should point to an allocated KTEXT_ST + structure. The _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments specify + the server program's Kerberos principal name, instance, + and realm. If you are writing a client that uses the + local realm exclusively, you can set the _r_e_a_l_m argument to + NULL. + + The _v_e_r_s_i_o_n argument allows the client program to pass an + application-specific version string that the server pro- + gram can then match against its own version string. The + _v_e_r_s_i_o_n string can be up to KSEND_VNO_LEN (see _<_k_r_b_._h_>) + characters in length. + + The _c_h_e_c_k_s_u_m argument can be used to pass checksum infor- + mation to the server program. The client program is + responsible for specifying this information. This check- + sum information is difficult to corrupt because + _k_r_b___s_e_n_d_a_u_t_h passes it over the network in encrypted form. + The _c_h_e_c_k_s_u_m argument is passed as the checksum argument + to _k_r_b___m_k___r_e_q. + + You can set _k_r_b___s_e_n_d_a_u_t_h_'_s other arguments to NULL unless + you want the client and server programs to mutually + authenticate themselves. In the case of mutual authenti- + cation, the client authenticates itself to the server pro- + gram, and demands that the server in turn authenticate + itself to the client. 
+ + +KKRRBB__SSEENNDDAAUUTTHH AANNDD MMUUTTUUAALL AAUUTTHHEENNTTIICCAATTIIOONN + If you want mutual authentication, make sure that you read + all pending data from the local socket before calling + _k_r_b___s_e_n_d_a_u_t_h_. Set _k_r_b___s_e_n_d_a_u_t_h_'_s _o_p_t_i_o_n_s argument to + KKOOPPTT__DDOO__MMUUTTUUAALL (this macro is defined in the _k_r_b_._h file); + make sure that the _l_a_d_d_r argument points to the address of + the local socket, and that _f_a_d_d_r points to the foreign + socket's network address. + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3) + + + _K_r_b___s_e_n_d_a_u_t_h fills in the other arguments-- _m_s_g___d_a_t_a, + _c_r_e_d, and _s_c_h_e_d_u_l_e--before sending the ticket to the + server program. You must, however, allocate space for + these arguments before calling the function. + + _K_r_b___s_e_n_d_a_u_t_h supports two other options: KKOOPPTT__DDOONNTT__MMKK__RREEQQ,, + and KKOOPPTT__DDOONNTT__CCAANNOONN.. If called with _o_p_t_i_o_n_s set as + KOPT_DONT_MK_REQ, _k_r_b___s_e_n_d_a_u_t_h will not use the _k_r_b___m_k___r_e_q + function to retrieve the ticket from the Kerberos server. + The _k_t_e_x_t argument must point to an existing ticket and + authenticator (such as would be created by _k_r_b___m_k___r_e_q), + and the _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments can be set to + NULL. + + If called with _o_p_t_i_o_n_s set as KOPT_DONT_CANON, + _k_r_b___s_e_n_d_a_u_t_h will not convert the service's instance to + canonical form using _k_r_b___g_e_t___p_h_o_s_t(3). + + If you want to call _k_r_b___s_e_n_d_a_u_t_h with a multiple _o_p_t_i_o_n_s + specification, construct _o_p_t_i_o_n_s as a bitwise-OR of the + options you want to specify. + + +KKRRBB__RREECCVVAAUUTTHH + The _k_r_b___r_e_c_v_a_u_t_h function reads a ticket/authenticator + pair from the socket pointed to by the _f_d argument. 
Set + the _o_p_t_i_o_n_s argument as a bitwise-OR of the options + desired. Currently only KOPT_DO_MUTUAL is useful to the + receiver. + + The _k_t_e_x_t argument should point to an allocated KTEXT_ST + structure. _K_r_b___r_e_c_v_a_u_t_h fills _k_t_e_x_t with the + ticket/authenticator pair read from _f_d, then passes it to + _k_r_b___r_d___r_e_q. + + The _s_e_r_v_i_c_e and _i_n_s_t arguments specify the expected ser- + vice and instance for which the ticket was generated. + They are also passed to _k_r_b___r_d___r_e_q_. The _i_n_s_t argument may + be set to "*" if the caller wishes _k_r_b___m_k___r_e_q to fill in + the instance used (note that there must be space in the + _i_n_s_t argument to hold a full instance name, see + _k_r_b___m_k___r_e_q(3)). + + The _f_a_d_d_r argument should point to the address of the peer + which is presenting the ticket. It is also passed to + _k_r_b___r_d___r_e_q. + + If the client and server plan to mutually authenticate one + another, the _l_a_d_d_r argument should point to the local + address of the file descriptor. Otherwise you can set + this argument to NULL. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3) + + + The _a_u_t_h___d_a_t_a argument should point to an allocated + AUTH_DAT area. It is passed to and filled in by + _k_r_b___r_d___r_e_q. The checksum passed to the corresponding + _k_r_b___s_e_n_d_a_u_t_h is available as part of the filled-in + AUTH_DAT area. + + The _f_i_l_e_n_a_m_e argument specifies the filename which the + service program should use to obtain its service key. + _K_r_b___r_e_c_v_a_u_t_h passes _f_i_l_e_n_a_m_e to the _k_r_b___r_d___r_e_q function. + If you set this argument to "", _k_r_b___r_d___r_e_q looks for the + service key in the file _/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_s_r_v_t_a_b_. 
+ + If the client and server are performing mutual authentica- + tion, the _s_c_h_e_d_u_l_e argument should point to an allocated + Key_schedule. Otherwise it is ignored and may be NULL. + + The _v_e_r_s_i_o_n argument should point to a character array of + at least KSEND_VNO_LEN characters. It is filled in with + the version string passed by the client to _k_r_b___s_e_n_d_a_u_t_h_. + + +KKRRBB__NNEETT__WWRRIITTEE AANNDD KKRRBB__NNEETT__RREEAADD + The _k_r_b___n_e_t___w_r_i_t_e function emulates the write(2) system + call, but guarantees that all data specified is written to + _f_d before returning, unless an error condition occurs. + + The _k_r_b___n_e_t___r_e_a_d function emulates the read(2) system + call, but guarantees that the requested amount of data is + read from _f_d before returning, unless an error condition + occurs. + + +BBUUGGSS + _k_r_b___s_e_n_d_a_u_t_h_, _k_r_b___r_e_c_v_a_u_t_h_, _k_r_b___n_e_t___w_r_i_t_e_, and + _k_r_b___n_e_t___r_e_a_d will not work properly on sockets set to non- + blocking I/O mode. + + +SSEEEE AALLSSOO + krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) + + +AAUUTTHHOORR + John T. Kohl, MIT Project Athena + +RREESSTTRRIICCTTIIOONNSS + Copyright 1988, Massachusetts Instititute of Technology. + For copying and distribution information, please see the + file . + + + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + diff --git a/usr/share/man/cat3/krb_set_key.0 b/usr/share/man/cat3/krb_set_key.0 new file mode 100644 index 0000000000..ac1157fbda --- /dev/null +++ b/usr/share/man/cat3/krb_set_key.0 
@@ -0,0 +1,462 @@ + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +NNAAMMEE + krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, + krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, + krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl - Ker- + beros authentication library + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + ##iinncclluuddee <> + + eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; + + iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + uu__lloonngg cchheecckkssuumm;; + + iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) + KKTTEEXXTT aauutthheenntt;; + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + uu__lloonngg ffrroomm__aaddddrr;; + AAUUTTHH__DDAATT **aadd;; + cchhaarr **ffnn;; + + iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) + AAUUTTHH__DDAATT **aadd;; + cchhaarr **llnnaammee;; + + iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) + cchhaarr **kkeeyy;; + iinntt ccvvtt;; + + iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) + cchhaarr **sseerrvviiccee;; + cchhaarr **iinnssttaannccee;; + cchhaarr **rreeaallmm;; + CCRREEDDEENNTTIIAALLSS **cc;; + + lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + + + + 
+KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + uu__cchhaarr **iinn;; + uu__lloonngg iinn__lleennggtthh;; + KKeeyy__sscchheedduullee sscchheedduullee;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) + uu__cchhaarr **iinn;; + uu__cchhaarr **oouutt;; + uu__lloonngg iinn__lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + + lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + ddeess__ccbblloocckk kkeeyy;; + ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; + ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + + lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) + uu__cchhaarr **oouutt;; + lloonngg ccooddee;; + cchhaarr **ssttrriinngg;; + + lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) + uu__cchhaarr **iinn;; + uu__lloonngg lleennggtthh;; + lloonngg ccooddee;; + MMSSGG__DDAATT **mmssgg__ddaattaa;; + +DDEESSCCRRIIPPTTIIOONN + This library supports network authentication and various + related operations. The library contains many routines + beyond those described in this man page, but they are not + intended to be used directly. Instead, they are called by + the routines that are described, the authentication server + and the login program. + + _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various + Kerberos error codes returned by some of the routines + below. + + _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an + authenticator is to be built. 
It also takes the name, + instance, and realm of the service to be used and an + optional checksum. It is up to the application to decide + + + +MIT Project Athena Kerberos Version 4.0 2 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + how to generate the checksum. _k_r_b___m_k___r_e_q then retrieves a + ticket for the desired service and creates an authentica- + tor. The authenticator is built in _a_u_t_h_e_n_t and is acces- + sible to the calling procedure. + + It is up to the application to get the authenticator to + the service where it will be read by _k_r_b___r_d___r_e_q_. Unless + an attacker possesses the session key contained in the + ticket, it will be unable to modify the authenticator. + Thus, the checksum can be used to verify the authenticity + of the other data that will pass through a connection. + + _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service + name, an instance, the address of the host originating the + request, and a pointer to a structure of type AAUUTTHH__DDAATT + which is filled in with information obtained from the + authenticator. It also optionally takes the name of the + file in which it will find the secret key(s) for the ser- + vice. If the supplied _i_n_s_t_a_n_c_e contains "*", then the + first service key with the same service name found in the + service key file will be used, and the _i_n_s_t_a_n_c_e argument + will be filled in with the chosen instance. This means + that the caller must provide space for such an instance + name. + + It is used to find out information about the principal + when a request has been made to a service. It is up to + the application protocol to get the authenticator from the + client to the service. The authenticator is then passed + to _k_r_b___r_d___r_e_q to extract the desired information. + + _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authen- + tication. If a packet was forged, modified, or replayed, + authentication will fail. 
If the authentication fails, a + non-zero value is returned indicating the particular prob- + lem encountered. See _k_r_b_._h for the list of error codes. + + If the last argument is the null string (""), krb_rd_req + will use the file /etc/srvtab to find its keys. If the + last argument is NULL, it will assume that the key has + been set by _k_r_b___s_e_t___k_e_y and will not bother looking fur- + ther. + + _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It + takes a structure of type AUTH_DAT and uses the name and + instance to look in the database /etc/aname to find the + corresponding local name. The local name is returned and + can be used by an application to change uids, directories, + or other parameters. It is not an integral part of Ker- + beros, but is instead provided to support the use of Ker- + beros in existing utilities. + + + +MIT Project Athena Kerberos Version 4.0 3 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then cre- + ates a key schedule from it and saves the original key to + be used as an initialization vector. It is used to set + the server's key which must be used to decrypt tickets. + + If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y + will first convert the input from a string of arbitrary + length to a DES key by encrypting it with a one-way func- + tion. + + In most cases it should not be necessary to call + _k_r_b___s_e_t___k_e_y_. The necessary keys will usually be obtained + and set inside _k_r_b___r_d___r_e_q_. _k_r_b___s_e_t___k_e_y is provided for + those applications that do not wish to place the applica- + tion keys on disk. + + _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a + ticket for the given service, instance, and realm; and, if + a ticket is found, fills in the given CREDENTIALS struc- + ture with the ticket information. 
+ + If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If + the ticket file can't be found, can't be read, doesn't + belong to the user (other than root), isn't a regular + file, or is in the wrong mode, the error GC_TKFIL is + returned. + + _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message + from any arbitrary application data, pointed to by _i_n and + _i_n___l_e_n_g_t_h bytes long. The private session key, pointed to + by _k_e_y and the key schedule, _s_c_h_e_d_u_l_e_, are used to encrypt + the data and some header information using _p_c_b_c___e_n_c_r_y_p_t_. + _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the + two parties. In addition to providing privacy, this pro- + tocol message protects against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. + + _k_r_b___r_d___p_r_i_v decrypts and authenticates a received + _k_r_b___m_k___p_r_i_v message. _i_n points to the beginning of the + received message, whose length is specified in _i_n___l_e_n_g_t_h_. + The private session key, pointed to by _k_e_y_, and the key + schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the + received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T + struct, defined in _k_r_b_._h_. The routine fills in the + _a_p_p___d_a_t_a field with a pointer to the decrypted application + data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, + _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, + and _s_w_a_p with a 1 if the byte order of the receiver is + + + +MIT Project Athena Kerberos Version 4.0 4 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + different than that of the sender. 
(The application must + still determine if it is appropriate to byte-swap applica- + tion data; the Kerberos protocol fields are already taken + care of). The _h_a_s_h field returns a value useful as input + to the _k_r_b___c_k___r_e_p_l routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted mes- + sage from any arbitrary application data, pointed to by _i_n + and _i_n___l_e_n_g_t_h bytes long. The private session key, + pointed to by _k_e_y_, is used to seed the _q_u_a_d___c_k_s_u_m_(_) check- + sum algorithm used as part of the authentication. _s_e_n_d_e_r + and _r_e_c_e_i_v_e_r point to the Internet address of the two par- + ties. This message does not provide privacy, but does + protect (via detection) against modifications, insertions + or replays. The encapsulated message and header are + placed in the area pointed to by _o_u_t and the routine + returns the length of the output, or -1 indicating an + error. The authentication provided by this routine is not + as strong as that provided by _k_r_b___m_k___p_r_i_v or by computing + the checksum using _c_b_c___c_k_s_u_m instead, both of which + authenticate via DES. + + + _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. + _i_n points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. The private session + key, pointed to by _k_e_y_, is used to seed the quad_cksum() + routine as part of the authentication. _m_s_g___d_a_t_a is a + pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The rou- + tine fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field + with a pointer to the application data, _a_p_p___l_e_n_g_t_h with + the length of the _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s + with the timestamps in the message, and _s_w_a_p with a 1 if + the byte order of the receiver is different than that of + the sender. (The application must still determine if it + is appropriate to byte-swap application data; the Kerberos + protocol fields are already taken care of). The _h_a_s_h + field returns a value useful as input to the _k_r_b___c_k___r_e_p_l + routine. + + The routine returns zero if ok, or a Kerberos error code. + Modified messages and old messages cause errors, but it is + up to the caller to check the time sequence of messages, + and to check against recently replayed messages using + _k_r_b___c_k___r_e_p_l if so desired. + + + +MIT Project Athena Kerberos Version 4.0 5 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + + _k_r_b___m_k___e_r_r constructs an application level error message + that may be used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. + _o_u_t is a pointer to the output buffer, _c_o_d_e is an applica- + tion specific error code, and _s_t_r_i_n_g is an application + specific error string. + + + _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n + points to the beginning of the received message, whose + length is specified in _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a + value to be filled in with the error value provided by the + application. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, + defined in _k_r_b_._h _. The routine fills in these _M_S_G___D_A_T + fields: the _a_p_p___d_a_t_a field with a pointer to the applica- + tion error text, _a_p_p___l_e_n_g_t_h with the length of the + _a_p_p___d_a_t_a field, and _s_w_a_p with a 1 if the byte order of the + receiver is different than that of the sender. 
(The + application must still determine if it is appropriate to + byte-swap application data; the Kerberos protocol fields + are already taken care of). + + The routine returns zero if the error message has been + successfully received, or a Kerberos error code. + + The _K_T_E_X_T structure is used to pass around text of varying + lengths. It consists of a buffer for the data, and a + length. krb_rd_req takes an argument of this type con- + taining the authenticator, and krb_mk_req returns the + authenticator in a structure of this type. KTEXT itself + is really a pointer to the structure. The actual struc- + ture is of type KTEXT_ST. + + The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It + must be allocated before calling krb_rd_req, and a pointer + to it is passed. The structure is filled in with data + obtained from Kerberos. _M_S_G___D_A_T structure is filled in by + either krb_rd_priv, krb_rd_safe, or krb_rd_err. It must + be allocated before the call and a pointer to it is + passed. The structure is filled in with data obtained + from Kerberos. + + +FFIILLEESS + /usr/include/kerberosIV/krb.h + /usr/lib/libkrb.a + /usr/include/kerberosIV/des.h + /usr/lib/libdes.a + /etc/kerberosIV/aname + /etc/kerberosIV/srvtab + /tmp/tkt[uid] + + + + +MIT Project Athena Kerberos Version 4.0 6 + + + + + + + + +KERBEROS(3) BSD Programmer's Manual KERBEROS(3) + + +SSEEEE AALLSSOO + kerberos(1), des_crypt(3) + +DDIIAAGGNNOOSSTTIICCSS +BBUUGGSS + The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e + must check time order and for replay attempts. + _k_r_b___c_k___r_e_p_l is not implemented yet. 
+ +AAUUTTHHOORRSS + Clifford Neuman, MIT Project Athena + Steve Miller, MIT Project Athena/Digital Equipment Corpo- + ration + +RREESSTTRRIICCTTIIOONNSS + COPYRIGHT 1985,1986,1989 Massachusetts Institute of Tech- + nology + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 7 + + + + + diff --git a/usr/share/man/cat3/krb_set_tkt_string.0 b/usr/share/man/cat3/krb_set_tkt_string.0 new file mode 100644 index 0000000000..3fe3198d2e --- /dev/null +++ b/usr/share/man/cat3/krb_set_tkt_string.0 @@ -0,0 +1,66 @@ + + + +KRB_SET_TKT_STRING(3)BSD Programmer's ManualKRB_SET_TKT_STRING(3) + + +NNAAMMEE + krb_set_tkt_string - set Kerberos ticket cache file name + +SSYYNNOOPPSSIISS + ##iinncclluuddee <> + + vvooiidd kkrrbb__sseett__ttkktt__ssttrriinngg((ffiilleennaammee)) + cchhaarr **ffiilleennaammee;; + +DDEESSCCRRIIPPTTIIOONN + _k_r_b___s_e_t___t_k_t___s_t_r_i_n_g sets the name of the file that holds + the user's cache of Kerberos server tickets and associated + session keys. + + The string _f_i_l_e_n_a_m_e passed in is copied into local stor- + age. Only MAXPATHLEN-1 (see ) characters of + the filename are copied in for use as the cache file name. + + This routine should be called during initialization, + before other Kerberos routines are called; otherwise the + routines which fetch the ticket cache file name may be + called and return an undesired ticket file name until this + routine is called. + +FFIILLEESS + /tmp/tkt[uid] default ticket file name, unless the + environment variable KRBTKFILE is set. + [uid] denotes the user's uid, in deci- + mal. + +SSEEEE AALLSSOO + kerberos(3), setenv(3) + + + + + + + + + + + + + + + + + + + + + + +MIT Project Athena Kerberos Version 4.0 1 + + + + + diff --git a/usr/share/man/cat3/ksend.0 b/usr/share/man/cat3/ksend.0 new file mode 100644 index 0000000000..881666b67e --- /dev/null +++ b/usr/share/man/cat3/ksend.0 
@@ -0,0 +1,264 @@
+
+
+
+KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
+
+
+NNAAMMEE
+ krb_sendauth, krb_recvauth, krb_net_write, krb_net_read -
+ Kerberos routines for sending authentication via network
+ stream sockets
+
+SSYYNNOOPPSSIISS
+ ##iinncclluuddee <>
+ ##iinncclluuddee <>
+ ##iinncclluuddee <>
+
+
+ iinntt kkrrbb__sseennddaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, rreeaallmm,,
+ cchheecckkssuumm,, mmssgg__ddaattaa,, ccrreedd,, sscchheedduullee,, llaaddddrr,,
+ ffaaddddrr,, vveerrssiioonn))
+ lloonngg ooppttiioonnss;;
+ iinntt ffdd;;
+ KKTTEEXXTT kktteexxtt;;
+ cchhaarr **sseerrvviiccee,, **iinnsstt,, **rreeaallmm;;
+ uu__lloonngg cchheecckkssuumm;;
+ MMSSGG__DDAATT **mmssgg__ddaattaa;;
+ CCRREEDDEENNTTIIAALLSS **ccrreedd;;
+ KKeeyy__sscchheedduullee sscchheedduullee;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **llaaddddrr,, **ffaaddddrr;;
+ cchhaarr **vveerrssiioonn;;
+
+
+ iinntt kkrrbb__rreeccvvaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, ffaaddddrr,,
+ llaaddddrr,, aauutthh__ddaattaa,, ffiilleennaammee,, sscchheedduullee,, vveerrssiioonn))
+ lloonngg ooppttiioonnss;;
+ iinntt ffdd;;
+ KKTTEEXXTT kktteexxtt;;
+ cchhaarr **sseerrvviiccee,, **iinnsstt;;
+ ssttrruucctt ssoocckkaaddddrr__iinn **ffaaddddrr,, **llaaddddrr;;
+ AAUUTTHH__DDAATT **aauutthh__ddaattaa;;
+ cchhaarr **ffiilleennaammee;;
+ KKeeyy__sscchheedduullee sscchheedduullee;;
+ cchhaarr **vveerrssiioonn;;
+
+ iinntt kkrrbb__nneett__wwrriittee((ffdd,, bbuuff,, lleenn))
+ iinntt ffdd;;
+ cchhaarr **bbuuff;;
+ iinntt lleenn;;
+
+ iinntt kkrrbb__nneett__rreeaadd((ffdd,, bbuuff,, lleenn))
+ iinntt ffdd;;
+ cchhaarr **bbuuff;;
+ iinntt lleenn;;
+
+DDEESSCCRRIIPPTTIIOONN
+ These functions, which are built on top of the core Ker-
+ beros library, provide a convenient means for client and
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
+
+
+
+KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
+
+
+ server programs to
send authentication messages to one
+ another through network connections. The _k_r_b___s_e_n_d_a_u_t_h
+ function sends an authenticated ticket from the client
+ program to the server program by writing the ticket to a
+ network socket. The _k_r_b___r_e_c_v_a_u_t_h function receives the
+ ticket from the client by reading from a network socket.
+
+
+KKRRBB__SSEENNDDAAUUTTHH
+ This function writes the ticket to the network socket
+ specified by the file descriptor _f_d_, returning KSUCCESS if
+ the write proceeds successfully, and an error code if it
+ does not.
+
+ The _k_t_e_x_t argument should point to an allocated KTEXT_ST
+ structure. The _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments specify
+ the server program's Kerberos principal name, instance,
+ and realm. If you are writing a client that uses the
+ local realm exclusively, you can set the _r_e_a_l_m argument to
+ NULL.
+
+ The _v_e_r_s_i_o_n argument allows the client program to pass an
+ application-specific version string that the server pro-
+ gram can then match against its own version string. The
+ _v_e_r_s_i_o_n string can be up to KSEND_VNO_LEN (see _<_k_r_b_._h_>)
+ characters in length.
+
+ The _c_h_e_c_k_s_u_m argument can be used to pass checksum infor-
+ mation to the server program. The client program is
+ responsible for specifying this information. This check-
+ sum information is difficult to corrupt because
+ _k_r_b___s_e_n_d_a_u_t_h passes it over the network in encrypted form.
+ The _c_h_e_c_k_s_u_m argument is passed as the checksum argument
+ to _k_r_b___m_k___r_e_q.
+
+ You can set _k_r_b___s_e_n_d_a_u_t_h_'_s other arguments to NULL unless
+ you want the client and server programs to mutually
+ authenticate themselves. In the case of mutual authenti-
+ cation, the client authenticates itself to the server pro-
+ gram, and demands that the server in turn authenticate
+ itself to the client.
+
+
+KKRRBB__SSEENNDDAAUUTTHH AANNDD MMUUTTUUAALL AAUUTTHHEENNTTIICCAATTIIOONN
+ If you want mutual authentication, make sure that you read
+ all pending data from the local socket before calling
+ _k_r_b___s_e_n_d_a_u_t_h_. Set _k_r_b___s_e_n_d_a_u_t_h_'_s _o_p_t_i_o_n_s argument to
+ KKOOPPTT__DDOO__MMUUTTUUAALL (this macro is defined in the _k_r_b_._h file);
+ make sure that the _l_a_d_d_r argument points to the address of
+ the local socket, and that _f_a_d_d_r points to the foreign
+ socket's network address.
+
+
+
+MIT Project Athena Kerberos Version 4.0 2
+
+
+
+
+
+
+
+
+KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
+
+
+ _K_r_b___s_e_n_d_a_u_t_h fills in the other arguments-- _m_s_g___d_a_t_a,
+ _c_r_e_d, and _s_c_h_e_d_u_l_e--before sending the ticket to the
+ server program. You must, however, allocate space for
+ these arguments before calling the function.
+
+ _K_r_b___s_e_n_d_a_u_t_h supports two other options: KKOOPPTT__DDOONNTT__MMKK__RREEQQ,,
+ and KKOOPPTT__DDOONNTT__CCAANNOONN.. If called with _o_p_t_i_o_n_s set as
+ KOPT_DONT_MK_REQ, _k_r_b___s_e_n_d_a_u_t_h will not use the _k_r_b___m_k___r_e_q
+ function to retrieve the ticket from the Kerberos server.
+ The _k_t_e_x_t argument must point to an existing ticket and
+ authenticator (such as would be created by _k_r_b___m_k___r_e_q),
+ and the _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments can be set to
+ NULL.
+
+ If called with _o_p_t_i_o_n_s set as KOPT_DONT_CANON,
+ _k_r_b___s_e_n_d_a_u_t_h will not convert the service's instance to
+ canonical form using _k_r_b___g_e_t___p_h_o_s_t(3).
+
+ If you want to call _k_r_b___s_e_n_d_a_u_t_h with a multiple _o_p_t_i_o_n_s
+ specification, construct _o_p_t_i_o_n_s as a bitwise-OR of the
+ options you want to specify.
+
+
+KKRRBB__RREECCVVAAUUTTHH
+ The _k_r_b___r_e_c_v_a_u_t_h function reads a ticket/authenticator
+ pair from the socket pointed to by the _f_d argument.
Set
+ the _o_p_t_i_o_n_s argument as a bitwise-OR of the options
+ desired. Currently only KOPT_DO_MUTUAL is useful to the
+ receiver.
+
+ The _k_t_e_x_t argument should point to an allocated KTEXT_ST
+ structure. _K_r_b___r_e_c_v_a_u_t_h fills _k_t_e_x_t with the
+ ticket/authenticator pair read from _f_d, then passes it to
+ _k_r_b___r_d___r_e_q.
+
+ The _s_e_r_v_i_c_e and _i_n_s_t arguments specify the expected ser-
+ vice and instance for which the ticket was generated.
+ They are also passed to _k_r_b___r_d___r_e_q_. The _i_n_s_t argument may
+ be set to "*" if the caller wishes _k_r_b___m_k___r_e_q to fill in
+ the instance used (note that there must be space in the
+ _i_n_s_t argument to hold a full instance name, see
+ _k_r_b___m_k___r_e_q(3)).
+
+ The _f_a_d_d_r argument should point to the address of the peer
+ which is presenting the ticket. It is also passed to
+ _k_r_b___r_d___r_e_q.
+
+ If the client and server plan to mutually authenticate one
+ another, the _l_a_d_d_r argument should point to the local
+ address of the file descriptor. Otherwise you can set
+ this argument to NULL.
+
+
+
+MIT Project Athena Kerberos Version 4.0 3
+
+
+
+
+
+
+
+
+KRB_SENDAUTH(3) BSD Programmer's Manual KRB_SENDAUTH(3)
+
+
+ The _a_u_t_h___d_a_t_a argument should point to an allocated
+ AUTH_DAT area. It is passed to and filled in by
+ _k_r_b___r_d___r_e_q. The checksum passed to the corresponding
+ _k_r_b___s_e_n_d_a_u_t_h is available as part of the filled-in
+ AUTH_DAT area.
+
+ The _f_i_l_e_n_a_m_e argument specifies the filename which the
+ service program should use to obtain its service key.
+ _K_r_b___r_e_c_v_a_u_t_h passes _f_i_l_e_n_a_m_e to the _k_r_b___r_d___r_e_q function.
+ If you set this argument to "", _k_r_b___r_d___r_e_q looks for the
+ service key in the file _/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_s_r_v_t_a_b_.
+
+ If the client and server are performing mutual authentica-
+ tion, the _s_c_h_e_d_u_l_e argument should point to an allocated
+ Key_schedule. Otherwise it is ignored and may be NULL.
+
+ The _v_e_r_s_i_o_n argument should point to a character array of
+ at least KSEND_VNO_LEN characters. It is filled in with
+ the version string passed by the client to _k_r_b___s_e_n_d_a_u_t_h_.
+
+
+KKRRBB__NNEETT__WWRRIITTEE AANNDD KKRRBB__NNEETT__RREEAADD
+ The _k_r_b___n_e_t___w_r_i_t_e function emulates the write(2) system
+ call, but guarantees that all data specified is written to
+ _f_d before returning, unless an error condition occurs.
+
+ The _k_r_b___n_e_t___r_e_a_d function emulates the read(2) system
+ call, but guarantees that the requested amount of data is
+ read from _f_d before returning, unless an error condition
+ occurs.
+
+
+BBUUGGSS
+ _k_r_b___s_e_n_d_a_u_t_h_, _k_r_b___r_e_c_v_a_u_t_h_, _k_r_b___n_e_t___w_r_i_t_e_, and
+ _k_r_b___n_e_t___r_e_a_d will not work properly on sockets set to non-
+ blocking I/O mode.
+
+
+SSEEEE AALLSSOO
+ krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
+
+
+AAUUTTHHOORR
+ John T. Kohl, MIT Project Athena
+
+RREESSTTRRIICCTTIIOONNSS
+ Copyright 1988, Massachusetts Instititute of Technology.
+ For copying and distribution information, please see the
+ file .
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 4
+
+
+
+
+
diff --git a/usr/share/man/cat3/kuserok.0 b/usr/share/man/cat3/kuserok.0
new file mode 100644
index 0000000000..805d9c2193
--- /dev/null
+++ b/usr/share/man/cat3/kuserok.0
@@ -0,0 +1,66 @@
+
+
+
+KUSEROK(3) BSD Programmer's Manual KUSEROK(3)
+
+
+NNAAMMEE
+ kuserok - Kerberos version of ruserok
+
+SSYYNNOOPPSSIISS
+ ##iinncclluuddee <>
+
+ kkuusseerrookk((kkddaattaa,, llooccaalluusseerr))
+ AAUUTTHH__DDAATT **aauutthh__ddaattaa;;
+ cchhaarr **llooccaalluusseerr;;
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_u_s_e_r_o_k determines whether a Kerberos principal described
+ by the structure _a_u_t_h___d_a_t_a is authorized to login as user
+ _l_o_c_a_l_u_s_e_r according to the authorization file
+ ("~_l_o_c_a_l_u_s_e_r/.klogin" by default). It returns 0 (zero) if
+ authorized, 1 (one) if not authorized.
+
+ If there is no account for _l_o_c_a_l_u_s_e_r on the local machine,
+ authorization is not granted. If there is no authoriza-
+ tion file, and the Kerberos principal described by
+ _a_u_t_h___d_a_t_a translates to _l_o_c_a_l_u_s_e_r (using _k_r_b___k_n_t_o_l_n(3)),
+ authorization is granted. If the authorization file can't
+ be accessed, or the file is not owned by _l_o_c_a_l_u_s_e_r_, autho-
+ rization is denied. Otherwise, the file is searched for a
+ matching principal name, instance, and realm. If a match
+ is found, authorization is granted, else authorization is
+ denied.
+
+ The file entries are in the format:
+ name.instance@realm
+ with one entry per line.
+
+SSEEEE AALLSSOO
+ kerberos(3), ruserok(3), krb_kntoln(3)
+
+FFIILLEESS
+ ~_l_o_c_a_l_u_s_e_r/.klogin authorization list
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat3/realm.0 b/usr/share/man/cat3/realm.0
new file mode 100644
index 0000000000..901419e5e6
--- /dev/null
+++ b/usr/share/man/cat3/realm.0
@@ -0,0 +1,198 @@
+
+
+
+KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3)
+
+
+NNAAMMEE
+ krb_realmofhost, krb_get_phost, krb_get_krbhst,
+ krb_get_admhst, krb_get_lrealm - additional Kerberos util-
+ ity routines
+
+SSYYNNOOPPSSIISS
+ ##iinncclluuddee <>
+ ##iinncclluuddee <>
+ ##iinncclluuddee <>
+
+ cchhaarr **kkrrbb__rreeaallmmooffhhoosstt((hhoosstt))
+ cchhaarr **hhoosstt;;
+
+ cchhaarr **kkrrbb__ggeett__pphhoosstt((aalliiaass))
+ cchhaarr **aalliiaass;;
+
+ kkrrbb__ggeett__kkrrbbhhsstt((hhoosstt,,rreeaallmm,,nn))
+ cchhaarr **hhoosstt;;
+ cchhaarr **rreeaallmm;;
+ iinntt nn;;
+
+ kkrrbb__ggeett__aaddmmhhsstt((hhoosstt,,rreeaallmm,,nn))
+ cchhaarr **hhoosstt;;
+ cchhaarr **rreeaallmm;;
+ iinntt nn;;
+
+ kkrrbb__ggeett__llrreeaallmm((rreeaallmm,,nn))
+ cchhaarr **rreeaallmm;;
+ iinntt nn;;
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_r_b___r_e_a_l_m_o_f_h_o_s_t returns the Kerberos realm of the host
+ _h_o_s_t, as determined by the translation table
+ _/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_k_r_b_._r_e_a_l_m_s. _h_o_s_t should be the fully-
+ qualified domain-style primary host name of the host in
+ question. In order to prevent certain security attacks,
+ this routine must either have _a _p_r_i_o_r_i knowledge of a
+ host's realm, or obtain such information securely.
+
+ The format of the translation file is described by
+ _k_r_b_._r_e_a_l_m_s(5). If _h_o_s_t exactly matches a host_name line,
+ the corresponding realm is returned. Otherwise, if the
+ domain portion of _h_o_s_t matches a domain_name line, the
+ corresponding realm is returned. If _h_o_s_t contains a
+ domain, but no translation is found, _h_o_s_t's domain is con-
+ verted to upper-case and returned. If _h_o_s_t contains no
+ discernible domain, or an error occurs, the local realm
+ name, as supplied by _k_r_b___g_e_t___l_r_e_a_l_m(3), is returned.
+
+ _k_r_b___g_e_t___p_h_o_s_t converts the hostname _a_l_i_a_s (which can be
+ either an official name or an alias) into the instance
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
+
+
+
+KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3)
+
+
+ name to be used in obtaining Kerberos tickets for most
+ services, including the Berkeley rcmd suite (rlogin, rcp,
+ rsh).
+ The current convention is to return the first segment of
+ the official domain-style name after conversion to lower
+ case.
+
+ _k_r_b___g_e_t___k_r_b_h_s_t fills in _h_o_s_t with the hostname of the _nth
+ host running a Kerberos key distribution center (KDC) for
+ realm _r_e_a_l_m, as specified in the configuration file
+ (_/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_k_r_b_._c_o_n_f). The configuration file is
+ described by _k_r_b_._c_o_n_f(5). If the host is successfully
+ filled in, the routine returns KSUCCESS. If the file can-
+ not be opened, and _n equals 1, then the value of KRB_HOST
+ as defined in _<_k_r_b_._h_> is filled in, and KSUCCESS is
+ returned. If there are fewer than _n hosts running a Ker-
+ beros KDC for the requested realm, or the configuration
+ file is malformed, the routine returns KFAILURE.
+
+ _k_r_b___g_e_t___a_d_m_h_s_t fills in _h_o_s_t with the hostname of the _nth
+ host running a Kerberos KDC database administration server
+ for realm _r_e_a_l_m, as specified in the configuration file
+ (_/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_k_r_b_._c_o_n_f). If the file cannot be opened
+ or is malformed, or there are fewer than _n hosts running a
+ Kerberos KDC database administration server, the routine
+ returns KFAILURE.
+
+ The character arrays used as return values for
+ _k_r_b___g_e_t___k_r_b_h_s_t, _k_r_b___g_e_t___a_d_m_h_s_t, should be large enough to
+ hold any hostname (MAXHOSTNAMELEN from ).
+
+ _k_r_b___g_e_t___l_r_e_a_l_m fills in _r_e_a_l_m with the _nth realm of the
+ local host, as specified in the configuration file.
_r_e_a_l_m
+ should be at least REALM_SZ (from _<_k_r_b_._h_>_)characters_l_o_n_g_.
+
+
+SSEEEE AALLSSOO
+ kerberos(3), krb.conf(5), krb.realms(5)
+
+FFIILLEESS
+ /etc/kerberosIV/krb.realms
+ translation file for host-to-realm
+ mapping.
+
+ /etc/kerberosIV/krb.conf
+ local realm-name and realm/server con-
+ figuration file.
+
+BBUUGGSS
+ The current convention for instance names is too limited;
+ the full domain name should be used.
+
+
+
+MIT Project Athena Kerberos Version 4.0 2
+
+
+
+
+
+
+
+
+KRB_REALMOFHOST(3) BSD Programmer's Manual KRB_REALMOFHOST(3)
+
+
+ _k_r_b___g_e_t___l_r_e_a_l_m currently only supports _n = 1. It should
+ really consult the user's ticket cache to determine the
+ user's current realm, rather than consulting a file on the
+ host.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 3
+
+
+
+
+
diff --git a/usr/share/man/cat3/tf_util.0 b/usr/share/man/cat3/tf_util.0
new file mode 100644
index 0000000000..05addc81e3
--- /dev/null
+++ b/usr/share/man/cat3/tf_util.0
@@ -0,0 +1,198 @@
+
+
+
+TF_UTIL(3) BSD Programmer's Manual TF_UTIL(3)
+
+
+NNAAMMEE
+ tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close
+ - routines for manipulating a Kerberos ticket file
+
+SSYYNNOOPPSSIISS
+ ##iinncclluuddee <>
+
+ eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];;
+
+ ttff__iinniitt((ttff__nnaammee,, rrww))
+ cchhaarr **ttff__nnaammee;;
+ iinntt rrww;;
+
+ ttff__ggeett__ppnnaammee((ppnnaammee))
+ cchhaarr **ppnnaammee;;
+
+ ttff__ggeett__ppiinnsstt((ppiinnsstt))
+ cchhaarr **ppiinnsstt;;
+
+ ttff__ggeett__ccrreedd((cc))
+ CCRREEDDEENNTTIIAALLSS **cc;;
+
+ ttff__cclloossee(())
+
+
+DDEESSCCRRIIPPTTIIOONN
+ This group of routines are provided to manipulate the Ker-
+ beros tickets file. A ticket file has the following for-
+ mat:
+
+ principal's name (null-terminated string)
+ principal's instance (null-terminated string)
+ CREDENTIAL_1
+ CREDENTIAL_2
+ ...
+ CREDENTIAL_n
+ EOF
+
+
+ Where "CREDENTIAL_x" consists of the following fixed-length
+ fields from the CREDENTIALS structure (defined in ):
+
+ char service[ANAME_SZ]
+ char instance[INST_SZ]
+ char realm[REALM_SZ]
+ des_cblock session
+ int lifetime
+ int kvno
+ KTEXT_ST ticket_st
+ long issue_date
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
+
+
+
+TF_UTIL(3) BSD Programmer's Manual TF_UTIL(3)
+
+
+ _t_f___i_n_i_t must be called before the other ticket file rou-
+ tines. It takes the name of the ticket file to use, and a
+ read/write flag as arguments. It tries to open the ticket
+ file, checks the mode and if everything is okay, locks the
+ file. If it's opened for reading, the lock is shared. If
+ it's opened for writing, the lock is exclusive. KSUCCESS
+ is returned if all went well, otherwise one of the follow-
+ ing:
+
+ NO_TKT_FIL - file wasn't there
+ TKT_FIL_ACC - file was in wrong mode, etc.
+ TKT_FIL_LCK - couldn't lock the file, even after a retry
+
+
+ The _t_f___g_e_t___p_n_a_m_e reads the principal's name from a ticket
+ file.
It should only be called after tf_init has been
+ called. The principal's name is filled into the _p_n_a_m_e
+ parameter. If all goes well, KSUCCESS is returned. If
+ tf_init wasn't called, TKT_FIL_INI is returned. If the
+ principal's name was null, or EOF was encountered, or the
+ name was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+
+ The _t_f___g_e_t___p_i_n_s_t reads the principal's instance from a
+ ticket file. It should only be called after tf_init and
+ tf_get_pname have been called. The principal's instance
+ is filled into the _p_i_n_s_t parameter. If all goes well,
+ KSUCCESS is returned. If tf_init wasn't called,
+ TKT_FIL_INI is returned. If EOF was encountered, or the
+ name was longer than INST_SZ, TKT_FIL_FMT is returned.
+ Note that, unlike the principal name, the instance name
+ may be null.
+
+ The _t_f___g_e_t___c_r_e_d routine reads a CREDENTIALS record from a
+ ticket file and fills in the given structure. It should
+ only be called after tf_init, tf_get_pname, and
+ tf_get_pinst have been called. If all goes well, KSUCCESS
+ is returned. Possible error codes are:
+
+ TKT_FIL_INI - tf_init wasn't called first
+ TKT_FIL_FMT - bad format
+ EOF - end of file encountered
+
+
+ _t_f___c_l_o_s_e closes the ticket file and releases the lock on
+ it.
+
+SSEEEE AALLSSOO
+ krb(3)
+
+DDIIAAGGNNOOSSTTIICCSS
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 2
+
+
+
+
+
+
+
+
+TF_UTIL(3) BSD Programmer's Manual TF_UTIL(3)
+
+
+BBUUGGSS
+ The ticket file routines have to be called in a certain
+ order.
+
+AAUUTTHHOORRSS
+ Jennifer Steiner, MIT Project Athena
+ Bill Bryant, MIT Project Athena
+
+RREESSTTRRIICCTTIIOONNSS
+ Copyright 1987 Massachusetts Institute of Technology
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 3
+
+
+
+
+
diff --git a/usr/share/man/cat5/krb.conf.0 b/usr/share/man/cat5/krb.conf.0
new file mode 100644
index 0000000000..1903aebe80
--- /dev/null
+++ b/usr/share/man/cat5/krb.conf.0
@@ -0,0 +1,66 @@
+
+
+
+KRB.CONF(5) BSD Programmer's Manual KRB.CONF(5)
+
+
+NNAAMMEE
+ /etc/kerberosIV/krb.conf - Kerberos configuration file
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_r_b_._c_o_n_f contains configuration information describing the
+ Kerberos realm and the Kerberos key distribution center
+ (KDC) servers for known realms.
+
+ _k_r_b_._c_o_n_f contains the name of the local realm in the first
+ line, followed by lines indicating realm/host entries.
+ The first token is a realm name, and the second is the
+ hostname of a host running a KDC for that realm. The
+ words "admin server" following the hostname indicate that
+ the host also provides an administrative database server.
+ For example:
+ ATHENA.MIT.EDU
+ ATHENA.MIT.EDU kerberos-1.mit.edu admin server
+ ATHENA.MIT.EDU kerberos-2.mit.edu
+ LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+
+SSEEEE AALLSSOO
+ krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat5/krb.realms.0 b/usr/share/man/cat5/krb.realms.0
new file mode 100644
index 0000000000..520e83ffa5
--- /dev/null
+++ b/usr/share/man/cat5/krb.realms.0
@@ -0,0 +1,66 @@
+
+
+
+KRB.REALMS(5) BSD Programmer's Manual KRB.REALMS(5)
+
+
+NNAAMMEE
+ /etc/kerberosIV/krb.realms - host to Kerberos realm trans-
+ lation file
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_r_b_._r_e_a_l_m_s provides a translation from a hostname to the
+ Kerberos realm name for the services provided by that
+ host.
+
+ Each line of the translation file is in one of the follow-
+ ing forms (domain_name should be of the form .XXX.YYY,
+ e.g. .LCS.MIT.EDU):
+ host_name kerberos_realm
+ domain_name kerberos_realm
+ If a hostname exactly matches the _h_o_s_t___n_a_m_e field in a
+ line of the first form, the corresponding realm is the
+ realm of the host. If a hostname does not match any
+ _h_o_s_t___n_a_m_e in the file, but its domain exactly matches the
+ _d_o_m_a_i_n___n_a_m_e field in a line of the second form, the corre-
+ sponding realm is the realm of the host.
+
+ If no translation entry applies, the host's realm is con-
+ sidered to be the hostname's domain portion converted to
+ upper case.
+
+SSEEEE AALLSSOO
+ krb_realmofhost(3)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat8/ext_srvtab.0 b/usr/share/man/cat8/ext_srvtab.0
new file mode 100644
index 0000000000..44f5f1f6cc
--- /dev/null
+++ b/usr/share/man/cat8/ext_srvtab.0
@@ -0,0 +1,66 @@
+
+
+
+EXT_SRVTAB(8) BSD System Manager's Manual EXT_SRVTAB(8)
+
+
+NNAAMMEE
+ ext_srvtab - extract service key files from Kerberos key
+ distribution center database
+
+SSYYNNOOPPSSIISS
+ ext_srvtab [ --nn ] [ --rr rreeaallmm ] [ hhoossttnnaammee ...... ]
+
+DDEESSCCRRIIPPTTIIOONN
+ _e_x_t___s_r_v_t_a_b extracts service key files from the Kerberos
+ key distribution center (KDC) database.
+
+ Upon execution, it prompts the user to enter the master
+ key string for the database. If the --nn option is speci-
+ fied, the master key is instead fetched from the master
+ key cache file.
+
+ For each _h_o_s_t_n_a_m_e specified on the command line,
+ _e_x_t___s_r_v_t_a_b creates the service key file _h_o_s_t_n_a_m_e-new-
+ srvtab, containing all the entries in the database with an
+ instance field of _h_o_s_t_n_a_m_e_. This new file contains all
+ the keys registered for Kerberos-mediated service provid-
+ ing programs which use the _k_r_b___g_e_t___p_h_o_s_t(3) principal and
+ instance conventions to run on the host _h_o_s_t_n_a_m_e. If the
+ --rr option is specified, the realm fields in the extracted
+ file will match the given realm rather than the local
+ realm.
+
+DDIIAAGGNNOOSSTTIICCSS
+ "verify_master_key: Invalid master key, does not match
+ database."
+ The master key string entered was
+ incorrect.
+
+FFIILLEESS
+ _h_o_s_t_n_a_m_e-new-srvtab Service key file generated for _h_o_s_t_-
+ _n_a_m_e
+
+ /etc/kerberosIV/principal.pag,
+ /etc/kerberosIV/principal.dir
+ DBM files containing database
+
+ /etc/kerberosIV/master_key
+ Master key cache file.
+
+SSEEEE AALLSSOO
+ read_service_key(3), krb_get_phost(3)
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat8/kdb_destroy.0 b/usr/share/man/cat8/kdb_destroy.0
new file mode 100644
index 0000000000..feeeb02817
--- /dev/null
+++ b/usr/share/man/cat8/kdb_destroy.0
@@ -0,0 +1,66 @@
+
+
+
+KDB_DESTROY(8) BSD System Manager's Manual KDB_DESTROY(8)
+
+
+NNAAMMEE
+ kdb_destroy - destroy Kerberos key distribution center
+ database
+
+SSYYNNOOPPSSIISS
+ kdb_destroy
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_d_b___d_e_s_t_r_o_y deletes a Kerberos key distribution center
+ database.
+
+ The user is prompted to verify that the database should be
+ destroyed. A response beginning with `y' or `Y' confirms
+ deletion. Any other response aborts deletion.
+
+DDIIAAGGNNOOSSTTIICCSS
+ "Database cannot be deleted at /etc/kerberosIV/principal"
+ The attempt to delete the database
+ failed (probably due to a system or
+ access permission error).
+
+ "Database not deleted."
+ The user aborted the deletion.
+
+FFIILLEESS
+ /etc/kerberosIV/principal.pag,
+ /etc/kerberosIV/principal.dir
+ DBM files containing database
+
+SSEEEE AALLSSOO
+ kdb_init(8)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat8/kdb_edit.0 b/usr/share/man/cat8/kdb_edit.0
new file mode 100644
index 0000000000..4c9a9a2606
--- /dev/null
+++ b/usr/share/man/cat8/kdb_edit.0
@@ -0,0 +1,66 @@
+
+
+
+KDB_EDIT(8) BSD System Manager's Manual KDB_EDIT(8)
+
+
+NNAAMMEE
+ kdb_edit - Kerberos key distribution center database
+ editing utility
+
+SSYYNNOOPPSSIISS
+ kdb_edit [ --nn ]
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_d_b___e_d_i_t is used to create or change principals stored in
+ the Kerberos key distribution center (KDC) database.
+
+ When executed, _k_d_b___e_d_i_t prompts for the master key string
+ and verifies that it matches the master key stored in the
+ database. If the --nn option is specified, the master key
+ is instead fetched from the master key cache file.
+
+ Once the master key has been verified, _k_d_b___e_d_i_t begins a
+ prompt loop. The user is prompted for the principal and
+ instance to be modified. If the entry is not found the
+ user may create it. Once an entry is found or created,
+ the user may set the password, expiration date, maximum
+ ticket lifetime, and attributes. Default expiration
+ dates, maximum ticket lifetimes, and attributes are pre-
+ sented in brackets; if the user presses return the default
+ is selected. There is no default password. The password
+ RANDOM is interpreted specially, and if entered the user
+ may have the program select a random DES key for the prin-
+ cipal.
+
+ Upon successfully creating or changing the entry, ``Edit
+ O.K.'' is printed.
+
+DDIIAAGGNNOOSSTTIICCSS
+ "verify_master_key: Invalid master key, does not match
+ database."
+ The master key string entered was
+ incorrect.
+
+FFIILLEESS
+ /etc/kerberosIV/principal.pag,
+ /etc/kerberosIV/principal.dir
+ DBM files containing database
+
+ /etc/kerberosIV/master_key
+ Master key cache file.
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat8/kdb_init.0 b/usr/share/man/cat8/kdb_init.0
new file mode 100644
index 0000000000..92da199153
--- /dev/null
+++ b/usr/share/man/cat8/kdb_init.0
@@ -0,0 +1,66 @@
+
+
+
+KDB_INIT(8) BSD System Manager's Manual KDB_INIT(8)
+
+
+NNAAMMEE
+ kdb_init - initialize Kerberos key distribution center
+ database
+
+SSYYNNOOPPSSIISS
+ kdb_init [ rreeaallmm ]
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_d_b___i_n_i_t initializes a Kerberos key distribution center
+ database, creating the necessary principals.
+
+ If the optional _r_e_a_l_m argument is not present, _k_d_b___i_n_i_t
+ prompts for a realm name (defaulting to the definition in
+ /usr/include/krb.h). After determining the realm to be
+ created, it prompts for a master key password. The master
+ key password is used to encrypt every encryption key
+ stored in the database.
+
+DDIIAAGGNNOOSSTTIICCSS
+ "/etc/kerberosIV/principal: File exists"
+ An attempt was made to create a
+ database on a machine which already
+ had an existing database.
+
+FFIILLEESS
+ /etc/kerberosIV/principal.pag,
+ /etc/kerberosIV/principal.dir
+ DBM files containing database
+
+ /usr/include/kerberosIV/krb.h
+ Include file defining default realm
+
+SSEEEE AALLSSOO
+ kdb_destroy(8)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat8/kdb_util.0 b/usr/share/man/cat8/kdb_util.0
new file mode 100644
index 0000000000..5215eabe68
--- /dev/null
+++ b/usr/share/man/cat8/kdb_util.0
@@ -0,0 +1,132 @@
+
+
+
+KDB_UTIL(8) BSD System Manager's Manual KDB_UTIL(8)
+
+
+NNAAMMEE
+ kdb_util - Kerberos key distribution center database
+ utility
+
+SSYYNNOOPPSSIISS
+ kdb_util ooppeerraattiioonn ffiilleennaammee
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_d_b___u_t_i_l allows the Kerberos key distribution center (KDC)
+ database administrator to perform utility functions on the
+ database.
+
+ _O_p_e_r_a_t_i_o_n must be one of the following:
+
+ _l_o_a_d initializes the KDC database with the records
+ described by the text contained in the file
+ _f_i_l_e_n_a_m_e. Any existing database is overwritten.
+
+ _d_u_m_p dumps the KDC database into a text representa-
+ tion in the file _f_i_l_e_n_a_m_e.
+
+ _s_l_a_v_e___d_u_m_p
+ performs a database dump like the _d_u_m_p opera-
+ tion, and additionally creates a semaphore file
+ signaling the propagation software that an
+ update is available for distribution to slave
+ KDC databases.
+
+ _n_e_w___m_a_s_t_e_r___k_e_y
+ prompts for the old and new master key strings,
+ and then dumps the KDC database into a text rep-
+ resentation in the file _f_i_l_e_n_a_m_e. The keys in
+ the text representation are encrypted in the new
+ master key.
+
+ _c_o_n_v_e_r_t___o_l_d___d_b
+ prompts for the master key string, and then
+ dumps the KDC database into a text representa-
+ tion in the file _f_i_l_e_n_a_m_e. The existing
+ database is assumed to be encrypted using the
+ old format (encrypted by the key schedule of the
+ master key); the dumped database is encrypted
+ using the new format (encrypted directly with
+ master key).
+
+
+DDIIAAGGNNOOSSTTIICCSS
+ "verify_master_key: Invalid master key, does not match
+ database."
+ The master key string entered was
+ incorrect.
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
+
+
+
+KDB_UTIL(8) BSD System Manager's Manual KDB_UTIL(8)
+
+
+FFIILLEESS
+ /etc/kerberosIV/principal.pag,
+ /etc/kerberosIV/principal.dir
+ DBM files containing database
+
+ _f_i_l_e_n_a_m_e.ok semaphore file created by _s_l_a_v_e___d_u_m_p_.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 2
+
+
+
+
+
diff --git a/usr/share/man/cat8/kstash.0 b/usr/share/man/cat8/kstash.0
new file mode 100644
index 0000000000..a562467b7c
--- /dev/null
+++ b/usr/share/man/cat8/kstash.0
@@ -0,0 +1,66 @@
+
+
+
+KSTASH(8) BSD System Manager's Manual KSTASH(8)
+
+
+NNAAMMEE
+ kstash - stash Kerberos key distribution center database
+ master key
+
+SSYYNNOOPPSSIISS
+ kstash
+
+DDEESSCCRRIIPPTTIIOONN
+ _k_s_t_a_s_h saves the Kerberos key distribution center (KDC)
+ database master key in the master key cache file.
+
+ The user is prompted to enter the key, to verify the
+ authenticity of the key and the authorization to store the
+ key in the file.
+
+DDIIAAGGNNOOSSTTIICCSS
+ "verify_master_key: Invalid master key, does not match
+ database."
+ The master key string entered was
+ incorrect.
+
+ "kstash: Unable to open master key file"
+ The attempt to open the cache file for
+ writing failed (probably due to a sys-
+ tem or access permission error).
+
+ "kstash: Write I/O error on master key file"
+ The wwrriittee(2) system call returned an
+ error while _k_s_t_a_s_h was attempting to
+ write the key to the file.
+
+FFIILLEESS
+ /etc/kerberosIV/principal.pag,
+ /etc/kerberosIV/principal.dir
+ DBM files containing database
+
+ /etc/kerberosIV/master_key
+ Master key cache file.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+MIT Project Athena Kerberos Version 4.0 1
+
+
+
+
+
diff --git a/usr/share/man/cat8/make_keypair.0 b/usr/share/man/cat8/make_keypair.0
new file mode 100644
index 0000000000..e1919261a4
--- /dev/null
+++ b/usr/share/man/cat8/make_keypair.0
@@ -0,0 +1,31 @@
+MAKE_KEYPAIR(8) BSD System Manager's Manual MAKE_KEYPAIR(8)
+
+NNAAMMEE
+ mmaakkee__kkeeyyppaaiirr - generate Kerberos host key pair
+
+SSYYNNOOPPSSIISS
+ mmaakkee__kkeeyyppaaiirr _h_o_s_t_n_a_m_e [_h_o_s_t_n_a_m_e _._._.]
+
+DDEESSCCRRIIPPTTIIOONN
+ The mmaakkee__kkeeyyppaaiirr command is used to create pairs of DES keys for each
+ _h_o_s_t_n_a_m_e. The keys are used by privileged programs such as register(1) to
+ make remote updates to the Kerberos database without having to have first
+ acquired a Kerberos ticket granting ticket (TGT). The keys created by
+ mmaakkee__kkeeyyppaaiirr are placed (by hand) in the filesystems of the kerberos
+ server in _/_e_t_c_/_k_e_r_b_e_r_o_s_I_V_/_r_e_g_i_s_t_e_r___k_e_y_s, and in the root directory of the
+ clients. For example, the file _/_._u_p_d_a_t_e_._k_e_y_1_2_8_._3_2_._1_3_0_._3 would contain a
+ copy of the key of the client with IP address 128.32.130.3. These keys
+ provide a shared secret which may be used to establish a secure channel
+ between the client hosts and the Kerberos server.
+
+FFIILLEESS
+ /.update.keyxx.xx.xx.xx shared DES key with server
+ /etc/kerberosIV/register_keys server's key storage directory
+
+SSEEEE AALLSSOO
+ register(1), registerd(8), kerberos(1)
+
+HHIISSTTOORRYY
+ The mmaakkee__kkeeyyppaaiirr utility first appeared in 4.4BSD.
+
+4.4BSD December 11, 1993 1
diff --git a/usr/share/man/cat8/registerd.0 b/usr/share/man/cat8/registerd.0
new file mode 100644
index 0000000000..8ca0b0fb76
--- /dev/null
+++ b/usr/share/man/cat8/registerd.0
@@ -0,0 +1,31 @@
+REGISTERD(8) BSD System Manager's Manual REGISTERD(8)
+
+NNAAMMEE
+ rreeggiisstteerrdd - Kerberos registration daemon
+
+SSYYNNOOPPSSIISS
+ rreeggiisstteerrdd
+
+DDEESSCCRRIIPPTTIIOONN
+ Act as a registration agent for a Kerberos domain.
+
+FFIILLEESS
+ /.update.keyxx.xx.xx.xx shared DES key with server
+ /etc/kerberosIV/principal* Kerberos database
+ /etc/kerberosIV/register_keys directory containing keys for trusted
+ hosts
+
+SSEEEE AALLSSOO
+ registerd(8), kerberos(1)
+
+DDIIAAGGNNOOSSTTIICCSS
+ ``Already exists'', if the user already exists in the Kerberos database.
+
+ ``Permission Denied'', if the host on which register is being run is un-
+ trusted.
+
+HHIISSTTOORRYY
+ The rreeggiisstteerrdd utility first appeared in 4.4BSD.
+
+
+4.4BSD December 11, 1993 1
-- 
2.20.1