Drop patch 050_kadmin_to_usr_bin: applied upstream.

3 files changed, 1 insertions, 1078 deletions

diff --git a/debian/changelog b/debian/changelog
index 9e704c783..57e44867d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ heimdal (1.7~git20150920+dfsg-1) UNRELEASED; urgency=medium
   * Drop patch 044_hdb_ldap_static: applied upstream.
   * Drop patch 045_hx509_symbol_names: applied upstream.
   * Drop patch 048_private_libs: applied upstream.
+  * Drop patch 050_kadmin_to_usr_bin: applied upstream.
 
  -- Jelmer Vernooij <jelmer@debian.org>  Sun, 20 Sep 2015 15:56:49 +0000
 
diff --git a/debian/patches/050_kadmin_to_usr_bin b/debian/patches/050_kadmin_to_usr_bin
deleted file mode 100644
index 50f05df8b..000000000
--- a/debian/patches/050_kadmin_to_usr_bin
+++ /dev/null
@@ -1,1077 +0,0 @@
-Subject: [PATCH] Move kadmin and ktutil to /usr/bin.
-Author: Jelmer Vernooij <jelmer@samba.org>
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=168170
-Status: merged upstream, 5fd158db474838c3e2fa7e50c2920fdb771c3a51
-
----
- admin/Makefile.am   |   4 +-
- admin/ktutil.1      | 124 ++++++++++++++++++
- admin/ktutil.8      | 124 ------------------
- kadmin/Makefile.am  |   4 +-
- kadmin/kadmin.1     | 362 ++++++++++++++++++++++++++++++++++++++++++++++++++++
- kadmin/kadmin.8     | 362 ----------------------------------------------------
- kadmin/kadmind.8    |   2 +-
- lib/krb5/kerberos.8 |   4 +-
- 8 files changed, 493 insertions(+), 493 deletions(-)
- create mode 100644 admin/ktutil.1
- delete mode 100644 admin/ktutil.8
- create mode 100644 kadmin/kadmin.1
- delete mode 100644 kadmin/kadmin.8
-
-diff --git a/admin/Makefile.am b/admin/Makefile.am
-index 7bb5ef5..21d0157 100644
---- a/admin/Makefile.am
-+++ b/admin/Makefile.am
-@@ -4,9 +4,9 @@ include $(top_srcdir)/Makefile.am.common
- 
- AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto)
- 
--man_MANS = ktutil.8
-+man_MANS = ktutil.1
- 
--sbin_PROGRAMS = ktutil
-+bin_PROGRAMS = ktutil
- 
- dist_ktutil_SOURCES =				\
- 	add.c					\
-diff --git a/admin/ktutil.1 b/admin/ktutil.1
-new file mode 100644
-index 0000000..a905419
---- /dev/null
-+++ b/admin/ktutil.1
-@@ -0,0 +1,124 @@
-+.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
-+.\" (Royal Institute of Technology, Stockholm, Sweden).
-+.\" All rights reserved.
-+.\"
-+.\" Redistribution and use in source and binary forms, with or without
-+.\" modification, are permitted provided that the following conditions
-+.\" are met:
-+.\"
-+.\" 1. Redistributions of source code must retain the above copyright
-+.\"    notice, this list of conditions and the following disclaimer.
-+.\"
-+.\" 2. Redistributions in binary form must reproduce the above copyright
-+.\"    notice, this list of conditions and the following disclaimer in the
-+.\"    documentation and/or other materials provided with the distribution.
-+.\"
-+.\" 3. Neither the name of the Institute nor the names of its contributors
-+.\"    may be used to endorse or promote products derived from this software
-+.\"    without specific prior written permission.
-+.\"
-+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+.\" SUCH DAMAGE.
-+.\"
-+.\" $Id$
-+.\"
-+.Dd April 14, 2005
-+.Dt KTUTIL 1
-+.Os HEIMDAL
-+.Sh NAME
-+.Nm ktutil
-+.Nd manage Kerberos keytabs
-+.Sh SYNOPSIS
-+.Nm
-+.Oo Fl k Ar keytab \*(Ba Xo
-+.Fl Fl keytab= Ns Ar keytab
-+.Xc
-+.Oc
-+.Op Fl v | Fl Fl verbose
-+.Op Fl Fl version
-+.Op Fl h | Fl Fl help
-+.Ar command
-+.Op Ar args
-+.Sh DESCRIPTION
-+.Nm
-+is a program for managing keytabs.
-+Supported options:
-+.Bl -tag -width Ds
-+.It Fl v , Fl Fl verbose
-+Verbose output.
-+.El
-+.Pp
-+.Ar command
-+can be one of the following:
-+.Bl -tag -width srvconvert
-+.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
-+Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
-+Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
-+Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \
-+Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex
-+Adds a key to the keytab. Options that are not specified will be
-+prompted for. This requires that you know the password or the hex key of the
-+principal to add; if what you really want is to add a new principal to
-+the keytab, you should consider the
-+.Ar get
-+command, which talks to the kadmin server.
-+.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \
-+Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \
-+Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port
-+Update one or several keys to new versions.  By default, use the admin
-+server for the realm of a keytab entry.  Otherwise it will use the
-+values specified by the options.
-+.Pp
-+If no principals are given, all the ones in the keytab are updated.
-+.It copy Ar keytab-src Ar keytab-dest
-+Copies all the entries from
-+.Ar keytab-src
-+to
-+.Ar keytab-dest .
-+.It get Oo Fl p Ar admin principal Oc \
-+Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
-+Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
-+Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
-+Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
-+Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ...
-+For each
-+.Ar principal ,
-+generate a new key for it (creating it if it doesn't already exist),
-+and put that key in the keytab.
-+.Pp
-+If no
-+.Ar realm
-+is specified, the realm to operate on is taken from the first
-+principal.
-+.It list Oo Fl Fl keys Oc Op Fl Fl timestamp
-+List the keys stored in the keytab.
-+.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
-+Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
-+Oo Fl Fl enctype= Ns Ar enctype Oc
-+Removes the specified key or keys. Not specifying a
-+.Ar kvno
-+removes keys with any version number. Not specifying an
-+.Ar enctype
-+removes keys of any type.
-+.It rename Ar from-principal Ar to-principal
-+Renames all entries in the keytab that match the
-+.Ar from-principal
-+to
-+.Ar to-principal .
-+.It purge Op Fl Fl age= Ns Ar age
-+Removes all old versions of a key for which there is a newer version
-+that is at least
-+.Ar age
-+(default one week) old.
-+.El
-+.Sh SEE ALSO
-+.Xr kadmin 1
-diff --git a/admin/ktutil.8 b/admin/ktutil.8
-deleted file mode 100644
-index 72a6c81..0000000
---- a/admin/ktutil.8
-+++ /dev/null
-@@ -1,124 +0,0 @@
--.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
--.\" (Royal Institute of Technology, Stockholm, Sweden).
--.\" All rights reserved.
--.\"
--.\" Redistribution and use in source and binary forms, with or without
--.\" modification, are permitted provided that the following conditions
--.\" are met:
--.\"
--.\" 1. Redistributions of source code must retain the above copyright
--.\"    notice, this list of conditions and the following disclaimer.
--.\"
--.\" 2. Redistributions in binary form must reproduce the above copyright
--.\"    notice, this list of conditions and the following disclaimer in the
--.\"    documentation and/or other materials provided with the distribution.
--.\"
--.\" 3. Neither the name of the Institute nor the names of its contributors
--.\"    may be used to endorse or promote products derived from this software
--.\"    without specific prior written permission.
--.\"
--.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
--.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
--.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
--.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
--.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
--.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
--.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
--.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
--.\" SUCH DAMAGE.
--.\"
--.\" $Id$
--.\"
--.Dd April 14, 2005
--.Dt KTUTIL 8
--.Os HEIMDAL
--.Sh NAME
--.Nm ktutil
--.Nd manage Kerberos keytabs
--.Sh SYNOPSIS
--.Nm
--.Oo Fl k Ar keytab \*(Ba Xo
--.Fl Fl keytab= Ns Ar keytab
--.Xc
--.Oc
--.Op Fl v | Fl Fl verbose
--.Op Fl Fl version
--.Op Fl h | Fl Fl help
--.Ar command
--.Op Ar args
--.Sh DESCRIPTION
--.Nm
--is a program for managing keytabs.
--Supported options:
--.Bl -tag -width Ds
--.It Fl v , Fl Fl verbose
--Verbose output.
--.El
--.Pp
--.Ar command
--can be one of the following:
--.Bl -tag -width srvconvert
--.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
--Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
--Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
--Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \
--Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex
--Adds a key to the keytab. Options that are not specified will be
--prompted for. This requires that you know the password or the hex key of the
--principal to add; if what you really want is to add a new principal to
--the keytab, you should consider the
--.Ar get
--command, which talks to the kadmin server.
--.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \
--Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \
--Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port
--Update one or several keys to new versions.  By default, use the admin
--server for the realm of a keytab entry.  Otherwise it will use the
--values specified by the options.
--.Pp
--If no principals are given, all the ones in the keytab are updated.
--.It copy Ar keytab-src Ar keytab-dest
--Copies all the entries from
--.Ar keytab-src
--to
--.Ar keytab-dest .
--.It get Oo Fl p Ar admin principal Oc \
--Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
--Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
--Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
--Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
--Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ...
--For each
--.Ar principal ,
--generate a new key for it (creating it if it doesn't already exist),
--and put that key in the keytab.
--.Pp
--If no
--.Ar realm
--is specified, the realm to operate on is taken from the first
--principal.
--.It list Oo Fl Fl keys Oc Op Fl Fl timestamp
--List the keys stored in the keytab.
--.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
--Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
--Oo Fl Fl enctype= Ns Ar enctype Oc
--Removes the specified key or keys. Not specifying a
--.Ar kvno
--removes keys with any version number. Not specifying an
--.Ar enctype
--removes keys of any type.
--.It rename Ar from-principal Ar to-principal
--Renames all entries in the keytab that match the
--.Ar from-principal
--to
--.Ar to-principal .
--.It purge Op Fl Fl age= Ns Ar age
--Removes all old versions of a key for which there is a newer version
--that is at least
--.Ar age
--(default one week) old.
--.El
--.Sh SEE ALSO
--.Xr kadmin 8
-diff --git a/kadmin/Makefile.am b/kadmin/Makefile.am
-index 96e4c2f..a26c3cc 100644
---- a/kadmin/Makefile.am
-+++ b/kadmin/Makefile.am
-@@ -4,11 +4,11 @@ include $(top_srcdir)/Makefile.am.common
- 
- AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 -I$(top_builddir)/include/gssapi
- 
--sbin_PROGRAMS = kadmin
-+bin_PROGRAMS = kadmin
- 
- libexec_PROGRAMS = kadmind
- 
--man_MANS = kadmin.8 kadmind.8
-+man_MANS = kadmin.1 kadmind.8
- 
- noinst_PROGRAMS = add_random_users
- 
-diff --git a/kadmin/kadmin.1 b/kadmin/kadmin.1
-new file mode 100644
-index 0000000..ca61f71
---- /dev/null
-+++ b/kadmin/kadmin.1
-@@ -0,0 +1,362 @@
-+.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan
-+.\" (Royal Institute of Technology, Stockholm, Sweden).
-+.\" All rights reserved.
-+.\"
-+.\" Redistribution and use in source and binary forms, with or without
-+.\" modification, are permitted provided that the following conditions
-+.\" are met:
-+.\"
-+.\" 1. Redistributions of source code must retain the above copyright
-+.\"    notice, this list of conditions and the following disclaimer.
-+.\"
-+.\" 2. Redistributions in binary form must reproduce the above copyright
-+.\"    notice, this list of conditions and the following disclaimer in the
-+.\"    documentation and/or other materials provided with the distribution.
-+.\"
-+.\" 3. Neither the name of the Institute nor the names of its contributors
-+.\"    may be used to endorse or promote products derived from this software
-+.\"    without specific prior written permission.
-+.\"
-+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-+.\" SUCH DAMAGE.
-+.\"
-+.\" $Id$
-+.\"
-+.Dd Feb  22, 2007
-+.Dt KADMIN 1
-+.Os HEIMDAL
-+.Sh NAME
-+.Nm kadmin
-+.Nd Kerberos administration utility
-+.Sh SYNOPSIS
-+.Nm
-+.Bk -words
-+.Op Fl p Ar string \*(Ba Fl Fl principal= Ns Ar string
-+.Op Fl K Ar string \*(Ba Fl Fl keytab= Ns Ar string
-+.Op Fl c Ar file \*(Ba Fl Fl config-file= Ns Ar file
-+.Op Fl k Ar file \*(Ba Fl Fl key-file= Ns Ar file
-+.Op Fl r Ar realm \*(Ba Fl Fl realm= Ns Ar realm
-+.Op Fl a Ar host \*(Ba Fl Fl admin-server= Ns Ar host
-+.Op Fl s Ar port number \*(Ba Fl Fl server-port= Ns Ar port number
-+.Op Fl l | Fl Fl local
-+.Op Fl h | Fl Fl help
-+.Op Fl v | Fl Fl version
-+.Op Ar command
-+.Ek
-+.Sh DESCRIPTION
-+The
-+.Nm
-+program is used to make modifications to the Kerberos database, either remotely via the
-+.Xr kadmind 8
-+daemon, or locally (with the
-+.Fl l
-+option).
-+.Pp
-+Supported options:
-+.Bl -tag -width Ds
-+.It Fl p Ar string , Fl Fl principal= Ns Ar string
-+principal to authenticate as
-+.It Fl K Ar string , Fl Fl keytab= Ns Ar string
-+keytab for authentication principal
-+.It Fl c Ar file , Fl Fl config-file= Ns Ar file
-+location of config file
-+.It Fl k Ar file , Fl Fl key-file= Ns Ar file
-+location of master key file
-+.It Fl r Ar realm , Fl Fl realm= Ns Ar realm
-+realm to use
-+.It Fl a Ar host , Fl Fl admin-server= Ns Ar host
-+server to contact
-+.It Fl s Ar port number , Fl Fl server-port= Ns Ar port number
-+port to use
-+.It Fl l , Fl Fl local
-+local admin mode
-+.El
-+.Pp
-+If no
-+.Ar command
-+is given on the command line,
-+.Nm
-+will prompt for commands to process. Some of the commands that take
-+one or more principals as argument
-+.Ns ( Nm delete ,
-+.Nm ext_keytab ,
-+.Nm get ,
-+.Nm modify ,
-+and
-+.Nm passwd )
-+will accept a glob style wildcard, and perform the operation on all
-+matching principals.
-+.Pp
-+Commands include:
-+.\" not using a list here, since groff apparently gets confused
-+.\" with nested Xo/Xc
-+.Pp
-+.Nm add
-+.Op Fl r | Fl Fl random-key
-+.Op Fl Fl random-password
-+.Op Fl p Ar string \*(Ba Fl Fl password= Ns Ar string
-+.Op Fl Fl key= Ns Ar string
-+.Op Fl Fl max-ticket-life= Ns Ar lifetime
-+.Op Fl Fl max-renewable-life= Ns Ar lifetime
-+.Op Fl Fl attributes= Ns Ar attributes
-+.Op Fl Fl expiration-time= Ns Ar time
-+.Op Fl Fl pw-expiration-time= Ns Ar time
-+.Op Fl Fl policy= Ns Ar policy-name
-+.Ar principal...
-+.Bd -ragged -offset indent
-+Adds a new principal to the database. The options not passed on the
-+command line will be promped for.
-+The only policy supported by Heimdal servers is
-+.Q1 default .
-+.Ed
-+.Pp
-+.Nm add_enctype
-+.Op Fl r | Fl Fl random-key
-+.Ar principal enctypes...
-+.Pp
-+.Bd -ragged -offset indent
-+Adds a new encryption type to the principal, only random key are
-+supported.
-+.Ed
-+.Pp
-+.Nm delete
-+.Ar principal...
-+.Bd -ragged -offset indent
-+Removes a principal.
-+.Ed
-+.Pp
-+.Nm del_enctype
-+.Ar principal enctypes...
-+.Bd -ragged -offset indent
-+Removes some enctypes from a principal; this can be useful if the
-+service belonging to the principal is known to not handle certain
-+enctypes.
-+.Ed
-+.Pp
-+.Nm ext_keytab
-+.Oo Fl k Ar string \*(Ba Xo
-+.Fl Fl keytab= Ns Ar string
-+.Xc
-+.Oc
-+.Ar principal...
-+.Bd -ragged -offset indent
-+Creates a keytab with the keys of the specified principals.  Requires
-+get-keys rights, otherwise the principal's keys are changed and saved in
-+the keytab.
-+.Ed
-+.Pp
-+.Nm get
-+.Op Fl l | Fl Fl long
-+.Op Fl s | Fl Fl short
-+.Op Fl t | Fl Fl terse
-+.Op Fl o Ar string | Fl Fl column-info= Ns Ar string
-+.Ar principal...
-+.Bd -ragged -offset indent
-+Lists the matching principals, short prints the result as a table,
-+while long format produces a more verbose output. Which columns to
-+print can be selected with the
-+.Fl o
-+option. The argument is a comma separated list of column names
-+optionally appended with an equal sign
-+.Pq Sq =
-+and a column header. Which columns are printed by default differ
-+slightly between short and long output.
-+.Pp
-+The default terse output format is similar to
-+.Fl s o Ar principal= ,
-+just printing the names of matched principals.
-+.Pp
-+Possible column names include:
-+.Li principal ,
-+.Li princ_expire_time ,
-+.Li pw_expiration ,
-+.Li last_pwd_change ,
-+.Li max_life ,
-+.Li max_rlife ,
-+.Li mod_time ,
-+.Li mod_name ,
-+.Li attributes ,
-+.Li kvno ,
-+.Li mkvno ,
-+.Li last_success ,
-+.Li last_failed ,
-+.Li fail_auth_count ,
-+.Li policy ,
-+and
-+.Li keytypes .
-+.Ed
-+.Pp
-+.Nm modify
-+.Oo Fl a Ar attributes \*(Ba Xo
-+.Fl Fl attributes= Ns Ar attributes
-+.Xc
-+.Oc
-+.Op Fl Fl max-ticket-life= Ns Ar lifetime
-+.Op Fl Fl max-renewable-life= Ns Ar lifetime
-+.Op Fl Fl expiration-time= Ns Ar time
-+.Op Fl Fl pw-expiration-time= Ns Ar time
-+.Op Fl Fl kvno= Ns Ar number
-+.Op Fl Fl policy= Ns Ar policy-name
-+.Ar principal...
-+.Bd -ragged -offset indent
-+Modifies certain attributes of a principal. If run without command
-+line options, you will be prompted. With command line options, it will
-+only change the ones specified.
-+.Pp
-+Only policy supported by Heimdal is
-+.Q1 default .
-+.Pp
-+Possible attributes are:
-+.Li new-princ ,
-+.Li support-desmd5 ,
-+.Li pwchange-service ,
-+.Li disallow-svr ,
-+.Li requires-pw-change ,
-+.Li requires-hw-auth ,
-+.Li requires-pre-auth ,
-+.Li disallow-all-tix ,
-+.Li disallow-dup-skey ,
-+.Li disallow-proxiable ,
-+.Li disallow-renewable ,
-+.Li disallow-tgt-based ,
-+.Li disallow-forwardable ,
-+.Li disallow-postdated
-+.Pp
-+Attributes may be negated with a "-", e.g.,
-+.Pp
-+kadmin -l modify -a -disallow-proxiable user
-+.Ed
-+.Pp
-+.Nm passwd
-+.Op Fl Fl keepold
-+.Op Fl r | Fl Fl random-key
-+.Op Fl Fl random-password
-+.Oo Fl p Ar string \*(Ba Xo
-+.Fl Fl password= Ns Ar string
-+.Xc
-+.Oc
-+.Op Fl Fl key= Ns Ar string
-+.Ar principal...
-+.Bd -ragged -offset indent
-+Changes the password of an existing principal.
-+.Ed
-+.Pp
-+.Nm password-quality
-+.Ar principal
-+.Ar password
-+.Bd -ragged -offset indent
-+Run the password quality check function locally.
-+You can run this on the host that is configured to run the kadmind
-+process to verify that your configuration file is correct.
-+The verification is done locally, if kadmin is run in remote mode,
-+no rpc call is done to the server.
-+.Ed
-+.Pp
-+.Nm privileges
-+.Bd -ragged -offset indent
-+Lists the operations you are allowed to perform. These include
-+.Li add ,
-+.Li add_enctype ,
-+.Li change-password ,
-+.Li delete ,
-+.Li del_enctype ,
-+.Li get ,
-+.Li get-keys ,
-+.Li list ,
-+and
-+.Li modify .
-+.Ed
-+.Pp
-+.Nm rename
-+.Ar from to
-+.Bd -ragged -offset indent
-+Renames a principal. This is normally transparent, but since keys are
-+salted with the principal name, they will have a non-standard salt,
-+and clients which are unable to cope with this will fail. Kerberos 4
-+suffers from this.
-+.Ed
-+.Pp
-+.Nm check
-+.Op Ar realm
-+.Pp
-+.Bd -ragged -offset indent
-+Check database for strange configurations on important principals. If
-+no realm is given, the default realm is used.
-+.Ed
-+.Pp
-+When running in local mode, the following commands can also be used:
-+.Pp
-+.Nm dump
-+.Op Fl d | Fl Fl decrypt
-+.Op Fl f Ns Ar format | Fl Fl format= Ns Ar format
-+.Op Ar dump-file
-+.Bd -ragged -offset indent
-+Writes the database in
-+.Dq machine readable text
-+form to the specified file, or standard out. If the database is
-+encrypted, the dump will also have encrypted keys, unless
-+.Fl Fl decrypt
-+is used.  If
-+.Fl Fl format=MIT
-+is used then the dump will be in MIT format.  Otherwise it will be in
-+Heimdal format.
-+.Ed
-+.Pp
-+.Nm init
-+.Op Fl Fl realm-max-ticket-life= Ns Ar string
-+.Op Fl Fl realm-max-renewable-life= Ns Ar string
-+.Ar realm
-+.Bd -ragged -offset indent
-+Initializes the Kerberos database with entries for a new realm. It's
-+possible to have more than one realm served by one server.
-+.Ed
-+.Pp
-+.Nm load
-+.Ar file
-+.Bd -ragged -offset indent
-+Reads a previously dumped database, and re-creates that database from
-+scratch.
-+.Ed
-+.Pp
-+.Nm merge
-+.Ar file
-+.Bd -ragged -offset indent
-+Similar to
-+.Nm load
-+but just modifies the database with the entries in the dump file.
-+.Ed
-+.Pp
-+.Nm stash
-+.Oo Fl e Ar enctype \*(Ba Xo
-+.Fl Fl enctype= Ns Ar enctype
-+.Xc
-+.Oc
-+.Oo Fl k Ar keyfile \*(Ba Xo
-+.Fl Fl key-file= Ns Ar keyfile
-+.Xc
-+.Oc
-+.Op Fl Fl convert-file
-+.Op Fl Fl master-key-fd= Ns Ar fd
-+.Bd -ragged -offset indent
-+Writes the Kerberos master key to a file used by the KDC.
-+.Ed
-+.\".Sh ENVIRONMENT
-+.\".Sh FILES
-+.\".Sh EXAMPLES
-+.\".Sh DIAGNOSTICS
-+.Sh SEE ALSO
-+.Xr kadmind 8 ,
-+.Xr kdc 8
-+.\".Sh STANDARDS
-+.\".Sh HISTORY
-+.\".Sh AUTHORS
-+.\".Sh BUGS
-diff --git a/kadmin/kadmin.8 b/kadmin/kadmin.8
-deleted file mode 100644
-index cce545a..0000000
---- a/kadmin/kadmin.8
-+++ /dev/null
-@@ -1,361 +0,0 @@
--.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan
--.\" (Royal Institute of Technology, Stockholm, Sweden).
--.\" All rights reserved.
--.\"
--.\" Redistribution and use in source and binary forms, with or without
--.\" modification, are permitted provided that the following conditions
--.\" are met:
--.\"
--.\" 1. Redistributions of source code must retain the above copyright
--.\"    notice, this list of conditions and the following disclaimer.
--.\"
--.\" 2. Redistributions in binary form must reproduce the above copyright
--.\"    notice, this list of conditions and the following disclaimer in the
--.\"    documentation and/or other materials provided with the distribution.
--.\"
--.\" 3. Neither the name of the Institute nor the names of its contributors
--.\"    may be used to endorse or promote products derived from this software
--.\"    without specific prior written permission.
--.\"
--.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
--.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
--.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
--.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
--.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
--.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
--.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
--.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
--.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
--.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
--.\" SUCH DAMAGE.
--.\"
--.\" $Id$
--.\"
--.Dd Feb  22, 2007
--.Dt KADMIN 8
--.Os HEIMDAL
--.Sh NAME
--.Nm kadmin
--.Nd Kerberos administration utility
--.Sh SYNOPSIS
--.Nm
--.Bk -words
--.Op Fl p Ar string \*(Ba Fl Fl principal= Ns Ar string
--.Op Fl K Ar string \*(Ba Fl Fl keytab= Ns Ar string
--.Op Fl c Ar file \*(Ba Fl Fl config-file= Ns Ar file
--.Op Fl k Ar file \*(Ba Fl Fl key-file= Ns Ar file
--.Op Fl r Ar realm \*(Ba Fl Fl realm= Ns Ar realm
--.Op Fl a Ar host \*(Ba Fl Fl admin-server= Ns Ar host
--.Op Fl s Ar port number \*(Ba Fl Fl server-port= Ns Ar port number
--.Op Fl l | Fl Fl local
--.Op Fl h | Fl Fl help
--.Op Fl v | Fl Fl version
--.Op Ar command
--.Ek
--.Sh DESCRIPTION
--The
--.Nm
--program is used to make modifications to the Kerberos database, either remotely via the
--.Xr kadmind 8
--daemon, or locally (with the
--.Fl l
--option).
--.Pp
--Supported options:
--.Bl -tag -width Ds
--.It Fl p Ar string , Fl Fl principal= Ns Ar string
--principal to authenticate as
--.It Fl K Ar string , Fl Fl keytab= Ns Ar string
--keytab for authentication principal
--.It Fl c Ar file , Fl Fl config-file= Ns Ar file
--location of config file
--.It Fl k Ar file , Fl Fl key-file= Ns Ar file
--location of master key file
--.It Fl r Ar realm , Fl Fl realm= Ns Ar realm
--realm to use
--.It Fl a Ar host , Fl Fl admin-server= Ns Ar host
--server to contact
--.It Fl s Ar port number , Fl Fl server-port= Ns Ar port number
--port to use
--.It Fl l , Fl Fl local
--local admin mode
--.El
--.Pp
--If no
--.Ar command
--is given on the command line,
--.Nm
--will prompt for commands to process. Some of the commands that take
--one or more principals as argument
--.Ns ( Nm delete ,
--.Nm ext_keytab ,
--.Nm get ,
--.Nm modify ,
--and
--.Nm passwd )
--will accept a glob style wildcard, and perform the operation on all
--matching principals.
--.Pp
--Commands include:
--.\" not using a list here, since groff apparently gets confused
--.\" with nested Xo/Xc
--.Pp
--.Nm add
--.Op Fl r | Fl Fl random-key
--.Op Fl Fl random-password
--.Op Fl p Ar string \*(Ba Fl Fl password= Ns Ar string
--.Op Fl Fl key= Ns Ar string
--.Op Fl Fl max-ticket-life= Ns Ar lifetime
--.Op Fl Fl max-renewable-life= Ns Ar lifetime
--.Op Fl Fl attributes= Ns Ar attributes
--.Op Fl Fl expiration-time= Ns Ar time
--.Op Fl Fl pw-expiration-time= Ns Ar time
--.Op Fl Fl policy= Ns Ar policy-name
--.Ar principal...
--.Bd -ragged -offset indent
--Adds a new principal to the database. The options not passed on the
--command line will be promped for.
--The only policy supported by Heimdal servers is
--.Q1 default .
--.Ed
--.Pp
--.Nm add_enctype
--.Op Fl r | Fl Fl random-key
--.Ar principal enctypes...
--.Pp
--.Bd -ragged -offset indent
--Adds a new encryption type to the principal, only random key are
--supported.
--.Ed
--.Pp
--.Nm delete
--.Ar principal...
--.Bd -ragged -offset indent
--Removes a principal.
--.Ed
--.Pp
--.Nm del_enctype
--.Ar principal enctypes...
--.Bd -ragged -offset indent
--Removes some enctypes from a principal; this can be useful if the
--service belonging to the principal is known to not handle certain
--enctypes.
--.Ed
--.Pp
--.Nm ext_keytab
--.Oo Fl k Ar string \*(Ba Xo
--.Fl Fl keytab= Ns Ar string
--.Xc
--.Oc
--.Ar principal...
--.Bd -ragged -offset indent
--Creates a keytab with the keys of the specified principals.  Requires
--get-keys rights.
--.Ed
--.Pp
--.Nm get
--.Op Fl l | Fl Fl long
--.Op Fl s | Fl Fl short
--.Op Fl t | Fl Fl terse
--.Op Fl o Ar string | Fl Fl column-info= Ns Ar string
--.Ar principal...
--.Bd -ragged -offset indent
--Lists the matching principals, short prints the result as a table,
--while long format produces a more verbose output. Which columns to
--print can be selected with the
--.Fl o
--option. The argument is a comma separated list of column names
--optionally appended with an equal sign
--.Pq Sq =
--and a column header. Which columns are printed by default differ
--slightly between short and long output.
--.Pp
--The default terse output format is similar to
--.Fl s o Ar principal= ,
--just printing the names of matched principals.
--.Pp
--Possible column names include:
--.Li principal ,
--.Li princ_expire_time ,
--.Li pw_expiration ,
--.Li last_pwd_change ,
--.Li max_life ,
--.Li max_rlife ,
--.Li mod_time ,
--.Li mod_name ,
--.Li attributes ,
--.Li kvno ,
--.Li mkvno ,
--.Li last_success ,
--.Li last_failed ,
--.Li fail_auth_count ,
--.Li policy ,
--and
--.Li keytypes .
--.Ed
--.Pp
--.Nm modify
--.Oo Fl a Ar attributes \*(Ba Xo
--.Fl Fl attributes= Ns Ar attributes
--.Xc
--.Oc
--.Op Fl Fl max-ticket-life= Ns Ar lifetime
--.Op Fl Fl max-renewable-life= Ns Ar lifetime
--.Op Fl Fl expiration-time= Ns Ar time
--.Op Fl Fl pw-expiration-time= Ns Ar time
--.Op Fl Fl kvno= Ns Ar number
--.Op Fl Fl policy= Ns Ar policy-name
--.Ar principal...
--.Bd -ragged -offset indent
--Modifies certain attributes of a principal. If run without command
--line options, you will be prompted. With command line options, it will
--only change the ones specified.
--.Pp
--Only policy supported by Heimdal is
--.Q1 default .
--.Pp
--Possible attributes are:
--.Li new-princ ,
--.Li support-desmd5 ,
--.Li pwchange-service ,
--.Li disallow-svr ,
--.Li requires-pw-change ,
--.Li requires-hw-auth ,
--.Li requires-pre-auth ,
--.Li disallow-all-tix ,
--.Li disallow-dup-skey ,
--.Li disallow-proxiable ,
--.Li disallow-renewable ,
--.Li disallow-tgt-based ,
--.Li disallow-forwardable ,
--.Li disallow-postdated
--.Pp
--Attributes may be negated with a "-", e.g.,
--.Pp
--kadmin -l modify -a -disallow-proxiable user
--.Ed
--.Pp
--.Nm passwd
--.Op Fl Fl keepold
--.Op Fl r | Fl Fl random-key
--.Op Fl Fl random-password
--.Oo Fl p Ar string \*(Ba Xo
--.Fl Fl password= Ns Ar string
--.Xc
--.Oc
--.Op Fl Fl key= Ns Ar string
--.Ar principal...
--.Bd -ragged -offset indent
--Changes the password of an existing principal.
--.Ed
--.Pp
--.Nm password-quality
--.Ar principal
--.Ar password
--.Bd -ragged -offset indent
--Run the password quality check function locally.
--You can run this on the host that is configured to run the kadmind
--process to verify that your configuration file is correct.
--The verification is done locally, if kadmin is run in remote mode,
--no rpc call is done to the server.
--.Ed
--.Pp
--.Nm privileges
--.Bd -ragged -offset indent
--Lists the operations you are allowed to perform. These include
--.Li add ,
--.Li add_enctype ,
--.Li change-password ,
--.Li delete ,
--.Li del_enctype ,
--.Li get ,
--.Li get-keys ,
--.Li list ,
--and
--.Li modify .
--.Ed
--.Pp
--.Nm rename
--.Ar from to
--.Bd -ragged -offset indent
--Renames a principal. This is normally transparent, but since keys are
--salted with the principal name, they will have a non-standard salt,
--and clients which are unable to cope with this will fail. Kerberos 4
--suffers from this.
--.Ed
--.Pp
--.Nm check
--.Op Ar realm
--.Pp
--.Bd -ragged -offset indent
--Check database for strange configurations on important principals. If
--no realm is given, the default realm is used.
--.Ed
--.Pp
--When running in local mode, the following commands can also be used:
--.Pp
--.Nm dump
--.Op Fl d | Fl Fl decrypt
--.Op Fl f Ns Ar format | Fl Fl format= Ns Ar format
--.Op Ar dump-file
--.Bd -ragged -offset indent
--Writes the database in
--.Dq machine readable text
--form to the specified file, or standard out. If the database is
--encrypted, the dump will also have encrypted keys, unless
--.Fl Fl decrypt
--is used.  If
--.Fl Fl format=MIT
--is used then the dump will be in MIT format.  Otherwise it will be in
--Heimdal format.
--.Ed
--.Pp
--.Nm init
--.Op Fl Fl realm-max-ticket-life= Ns Ar string
--.Op Fl Fl realm-max-renewable-life= Ns Ar string
--.Ar realm
--.Bd -ragged -offset indent
--Initializes the Kerberos database with entries for a new realm. It's
--possible to have more than one realm served by one server.
--.Ed
--.Pp
--.Nm load
--.Ar file
--.Bd -ragged -offset indent
--Reads a previously dumped database, and re-creates that database from
--scratch.
--.Ed
--.Pp
--.Nm merge
--.Ar file
--.Bd -ragged -offset indent
--Similar to
--.Nm load
--but just modifies the database with the entries in the dump file.
--.Ed
--.Pp
--.Nm stash
--.Oo Fl e Ar enctype \*(Ba Xo
--.Fl Fl enctype= Ns Ar enctype
--.Xc
--.Oc
--.Oo Fl k Ar keyfile \*(Ba Xo
--.Fl Fl key-file= Ns Ar keyfile
--.Xc
--.Oc
--.Op Fl Fl convert-file
--.Op Fl Fl master-key-fd= Ns Ar fd
--.Bd -ragged -offset indent
--Writes the Kerberos master key to a file used by the KDC.
--.Ed
--.\".Sh ENVIRONMENT
--.\".Sh FILES
--.\".Sh EXAMPLES
--.\".Sh DIAGNOSTICS
--.Sh SEE ALSO
--.Xr kadmind 8 ,
--.Xr kdc 8
--.\".Sh STANDARDS
--.\".Sh HISTORY
--.\".Sh AUTHORS
--.\".Sh BUGS
-diff --git a/kadmin/kadmind.8 b/kadmin/kadmind.8
-index 453b8e7..f666159 100644
---- a/kadmin/kadmind.8
-+++ b/kadmin/kadmind.8
-@@ -158,6 +158,6 @@ mallory/admin@EXAMPLE.COM  add,get-keys  host/*@EXAMPLE.COM
- .\".Sh DIAGNOSTICS
- .Sh SEE ALSO
- .Xr kpasswd 1 ,
--.Xr kadmin 8 ,
-+.Xr kadmin 1 ,
- .Xr kdc 8 ,
- .Xr kpasswdd 8
-diff --git a/lib/krb5/kerberos.8 b/lib/krb5/kerberos.8
-index 1465a5b..d54ced5 100644
---- a/lib/krb5/kerberos.8
-+++ b/lib/krb5/kerberos.8
-@@ -85,9 +85,9 @@ For setup instructions see the Heimdal Texinfo manual.
- .Xr telnet 1 ,
- .Xr krb5 3 ,
- .Xr krb5.conf 5 ,
--.Xr kadmin 8 ,
-+.Xr kadmin 1 ,
- .Xr kdc 8 ,
--.Xr ktutil 8
-+.Xr ktutil 1
- .Sh HISTORY
- The Kerberos authentication system was developed in the late 1980's as
- part of the Athena Project at the Massachusetts Institute of
diff --git a/debian/patches/series b/debian/patches/series
index cf059d307..2af4610bc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,6 +12,5 @@ installsh
 046_hurd_sundevdata
 047_link_gssapi
 049_testkdc_timeout
-050_kadmin_to_usr_bin
 051_bug746486-memleak
 060_no_build_string