New upstream version 3.16

author: Russ Allbery <eagle@eyrie.org> 2019-10-26 12:13:46 -0700
committer: Russ Allbery <eagle@eyrie.org> 2019-10-26 12:13:46 -0700
commit: fc5a07a35d43c8e83bf9abcdcdb08617fb1e5f84 (patch)
tree: 7621e468a592d70218b98b737c58eec80b80454a /docs
parent: a44706681f19d3209f79d059060ca3003db27e4f (diff)
parent: 76c42d785152a1b25c8e6fedca827511b3e68cfd (diff)
20 files changed, 359 insertions, 262 deletions
diff --git a/docs/api/remctl.3 b/docs/api/remctl.3
index 7ec8303..5f0038a 100644
--- a/docs/api/remctl.3
+++ b/docs/api/remctl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL 3"
-.TH REMCTL 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -147,7 +151,7 @@ struct remctl_result *
 void \fBremctl_result_free\fR(struct remctl_result *\fIresult\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl()\fR provides a simplified client \s-1API\s0 for the remctl protocol.  Given
+\&\fBremctl()\fR provides a simplified client \s-1API\s0 for the remctl protocol.  Given
 the host, port, service principal for authentication, and command to run,
 it opens a connection to the remote system, sends the command via the
 remctl protocol, reads the results, closes the connection, and returns the
@@ -169,14 +173,14 @@ principal disables this behavior.
 .PP
 The remctl protocol uses Kerberos via GSS-API for authentication.  The
 underlying GSS-API library will use the default ticket cache for
-authentication, so to successfully use \fIremctl()\fR, the caller should already
+authentication, so to successfully use \fBremctl()\fR, the caller should already
 have Kerberos tickets for an appropriate realm stored in its default
 ticket cache.  The environment variable \s-1KRB5CCNAME\s0 can be used to control
 which ticket cache is used.  If the client needs to control which ticket
 cache is used without changing the environment, use the full client \s-1API\s0
-along with \fIremctl_set_ccache\fR\|(3).
+along with \fBremctl_set_ccache\fR\|(3).
 .PP
-\&\fIremctl()\fR returns a newly allocated remctl_result struct, which has the
+\&\fBremctl()\fR returns a newly allocated remctl_result struct, which has the
 following members:
 .PP
 .Vb 8
@@ -199,21 +203,21 @@ standard Unix convention, a 0 status should normally be considered success
 and any non-zero status should normally be considered failure, although a
 given command may have its own exit status conventions.
 .PP
-\&\fIremctl_result_free()\fR frees the remctl_result struct when the calling
+\&\fBremctl_result_free()\fR frees the remctl_result struct when the calling
 program is through with it.
 .PP
 If you want more control over the steps of the protocol, issue multiple
 commands on the same connection, control the ticket cache or source \s-1IP,\s0
 set a timeout on replies, or send data as part of the command that
-contains NULs, use the full \s-1API\s0 described in \fIremctl_new\fR\|(3),
-\&\fIremctl_open\fR\|(3), \fIremctl_commandv\fR\|(3), and \fIremctl_output\fR\|(3).
+contains NULs, use the full \s-1API\s0 described in \fBremctl_new\fR\|(3),
+\&\fBremctl_open\fR\|(3), \fBremctl_commandv\fR\|(3), and \fBremctl_output\fR\|(3).
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl()\fR returns \s-1NULL\s0 on failure to allocate a new remctl_result struct or
+\&\fBremctl()\fR returns \s-1NULL\s0 on failure to allocate a new remctl_result struct or
 on failure to allocate space to store an error message.  Otherwise, it
 returns a newly allocated remctl_result struct with either an error
 message in the error field or the results of the command filled out as
-described above.  If \fIremctl()\fR returns \s-1NULL,\s0 errno will be set to an
+described above.  If \fBremctl()\fR returns \s-1NULL,\s0 errno will be set to an
 appropriate error code (generally \s-1ENOMEM\s0).
 .SH "COMPATIBILITY"
 .IX Header "COMPATIBILITY"
@@ -226,10 +230,10 @@ version 2.11.
 Support for IPv6 was added in version 2.4.
 .SH "CAVEATS"
 .IX Header "CAVEATS"
-If the \fIprincipal\fR argument to \fIremctl()\fR is \s-1NULL,\s0 most GSS-API libraries
+If the \fIprincipal\fR argument to \fBremctl()\fR is \s-1NULL,\s0 most GSS-API libraries
 will canonicalize the \fIhost\fR using \s-1DNS\s0 before deriving the principal name
 from it.  This means that when connecting to a remctl server via a \s-1CNAME,\s0
-\&\fIremctl()\fR will normally authenticate using a principal based on the
+\&\fBremctl()\fR will normally authenticate using a principal based on the
 canonical name of the host instead of the specified \fIhost\fR parameter.
 This behavior may cause problems if two consecutive \s-1DNS\s0 lookups of \fIhost\fR
 may return two different results, such as with some DNS-based
@@ -241,7 +245,7 @@ setting \f(CW\*(C`rdns\*(C'\fR to false in the [libdefaults] section of \fIkrb5.
 can also be disabled by passing an explicit Kerberos principal name via
 the \fIprincipal\fR argument, which will then be used without changes.  If
 canonicalization is desired, the caller may wish to canonicalize \fIhost\fR
-before calling \fIremctl()\fR to avoid problems with multiple \s-1DNS\s0 calls
+before calling \fBremctl()\fR to avoid problems with multiple \s-1DNS\s0 calls
 returning different results.
 .PP
 The default behavior, when a port of 0 is given, of trying 4373 and
@@ -269,8 +273,8 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_command\fR\|(3), \fIremctl_commandv\fR\|(3),
-\&\fIremctl_output\fR\|(3), \fIremctl_close\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_command\fR\|(3), \fBremctl_commandv\fR\|(3),
+\&\fBremctl_output\fR\|(3), \fBremctl_close\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_close.3 b/docs/api/remctl_close.3
index 08a9010..5791a0d 100644
--- a/docs/api/remctl_close.3
+++ b/docs/api/remctl_close.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_CLOSE 3"
-.TH REMCTL_CLOSE 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_CLOSE 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,14 +147,14 @@ remctl_close \- Close a remctl connection and free the client object
 void \fBremctl_close\fR(struct remctl *\fIr\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_close()\fR cleanly closes any connection to a remote server created
-via \fIremctl_open()\fR for the given client object and then frees the object
-created by \fIremctl_new()\fR.  It should be called when the caller is finished
+\&\fBremctl_close()\fR cleanly closes any connection to a remote server created
+via \fBremctl_open()\fR for the given client object and then frees the object
+created by \fBremctl_new()\fR.  It should be called when the caller is finished
 with a remctl client object to avoid resource leaks.  Following the call
-to \fIremctl_close()\fR, the \fIr\fR pointer to the remctl client object is no
+to \fBremctl_close()\fR, the \fIr\fR pointer to the remctl client object is no
 longer valid.
 .PP
-\&\fIremctl_close()\fR is always successful, even if it is unable to send a clean
+\&\fBremctl_close()\fR is always successful, even if it is unable to send a clean
 protocol quit command to the remote server.
 .SH "COMPATIBILITY"
 .IX Header "COMPATIBILITY"
@@ -172,7 +176,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_command.3 b/docs/api/remctl_command.3
index cf02360..2afe05e 100644
--- a/docs/api/remctl_command.3
+++ b/docs/api/remctl_command.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_COMMAND 3"
-.TH REMCTL_COMMAND 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_COMMAND 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -148,29 +152,29 @@ int \fBremctl_commandv\fR(struct remctl *\fIr\fR, const struct iovec *\fIiov\fR,
                     size_t \fIcount\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_command()\fR and \fIremctl_commandv()\fR send a command to a remote remctl
-server.  The remctl client object \fIr\fR, created with \fIremctl_new()\fR, should
-have previously been passed to \fIremctl_open()\fR to open a connection to the
+\&\fBremctl_command()\fR and \fBremctl_commandv()\fR send a command to a remote remctl
+server.  The remctl client object \fIr\fR, created with \fBremctl_new()\fR, should
+have previously been passed to \fBremctl_open()\fR to open a connection to the
 server.
 .PP
-\&\fIremctl_command()\fR takes the command as a NULL-terminated array of
+\&\fBremctl_command()\fR takes the command as a NULL-terminated array of
 NUL-terminated strings (the same layout as an argv array).  This function
 is most convenient when passing simple text commands.
 .PP
-\&\fIremctl_commandv()\fR takes the command as an array of iovec structs of length
+\&\fBremctl_commandv()\fR takes the command as an array of iovec structs of length
 \&\fIcount\fR.  This function is most convenient when passing arbitrary data to
 the command, since the iovec struct takes a pointer and a length for each
-chunk of data.  See \fIwritev\fR\|(2) for the layout of the iovec struct.
+chunk of data.  See \fBwritev\fR\|(2) for the layout of the iovec struct.
 .PP
 To control the network timeout for sending the command, see the
-\&\fIremctl_set_timeout\fR\|(3) function.
+\&\fBremctl_set_timeout\fR\|(3) function.
 .PP
-After calling one of these functions, call \fIremctl_output()\fR to get the
+After calling one of these functions, call \fBremctl_output()\fR to get the
 results of the command.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_command()\fR and \fIremctl_commandv()\fR return true on success and false on
-failure.  On failure, the caller should call \fIremctl_error()\fR to retrieve
+\&\fBremctl_command()\fR and \fBremctl_commandv()\fR return true on success and false on
+failure.  On failure, the caller should call \fBremctl_error()\fR to retrieve
 the error message.
 .SH "COMPATIBILITY"
 .IX Header "COMPATIBILITY"
@@ -192,7 +196,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_output\fR\|(3), \fIremctl_error\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_output\fR\|(3), \fBremctl_error\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_error.3 b/docs/api/remctl_error.3
index 24955ca..0b4e2f5 100644
--- a/docs/api/remctl_error.3
+++ b/docs/api/remctl_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_ERROR 3"
-.TH REMCTL_ERROR 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_ERROR 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,19 +147,19 @@ remctl_error \- Retrieve the error from a failed remctl operation
 const char *\fBremctl_error\fR(struct remctl *\fIr\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_error()\fR returns the error from a previously failed remctl
+\&\fBremctl_error()\fR returns the error from a previously failed remctl
 operation.  Its only argument is a remctl struct as returned by
-\&\fIremctl_new()\fR.  If the previous remctl operation was successful, returns
+\&\fBremctl_new()\fR.  If the previous remctl operation was successful, returns
 the constant string \*(L"No error\*(R".
 .PP
 The caller may not modify the returned string.  The string may even be
 stored in read-only memory and attempting to modify it may cause a memory
 fault.  The returned pointer will be invalidated by the next call to any
 remctl \s-1API\s0 function with the same client object, other than
-\&\fIremctl_error()\fR.
+\&\fBremctl_error()\fR.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_error()\fR returns either the previous error or the constant string
+\&\fBremctl_error()\fR returns either the previous error or the constant string
 \&\*(L"No error\*(R".  It will never return \s-1NULL.\s0
 .SH "COMPATIBILITY"
 .IX Header "COMPATIBILITY"
@@ -177,8 +181,8 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_command\fR\|(3), \fIremctl_commandv\fR\|(3),
-\&\fIremctl_output\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_command\fR\|(3), \fBremctl_commandv\fR\|(3),
+\&\fBremctl_output\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_new.3 b/docs/api/remctl_new.3
index e0c6833..3072e00 100644
--- a/docs/api/remctl_new.3
+++ b/docs/api/remctl_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_NEW 3"
-.TH REMCTL_NEW 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_NEW 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,16 +147,16 @@ remctl_new \- Create a new remctl client
 struct remctl *\fBremctl_new\fR(void);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_new()\fR creates a new remctl client.  The resulting remctl struct is
+\&\fBremctl_new()\fR creates a new remctl client.  The resulting remctl struct is
 opaque from the perspective of the caller, but should be the first
 argument to all subsequent calls into the remctl \s-1API.\s0  Normally, the next
-call after \fIremctl_new()\fR would be \fIremctl_open()\fR to connect to a remote
+call after \fBremctl_new()\fR would be \fBremctl_open()\fR to connect to a remote
 server.
 .PP
-The resulting struct should be freed by calling \fIremctl_close()\fR.
+The resulting struct should be freed by calling \fBremctl_close()\fR.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_new()\fR returns a pointer to an opaque remctl struct on success and
+\&\fBremctl_new()\fR returns a pointer to an opaque remctl struct on success and
 \&\s-1NULL\s0 on failure.  If it returns \s-1NULL,\s0 errno will be set to an appropriate
 error code (normally \s-1ENOMEM\s0).
 .SH "COMPATIBILITY"
@@ -175,8 +179,8 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_open\fR\|(3), \fIremctl_command\fR\|(3), \fIremctl_commandv\fR\|(3), \fIremctl_output\fR\|(3),
-\&\fIremctl_close\fR\|(3)
+\&\fBremctl_open\fR\|(3), \fBremctl_command\fR\|(3), \fBremctl_commandv\fR\|(3), \fBremctl_output\fR\|(3),
+\&\fBremctl_close\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_noop.3 b/docs/api/remctl_noop.3
index f9c6fe9..7fa6810 100644
--- a/docs/api/remctl_noop.3
+++ b/docs/api/remctl_noop.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_NOOP 3"
-.TH REMCTL_NOOP 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_NOOP 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,7 +147,7 @@ remctl_noop \- Send a NOOP message to a remctl server
 int \fBremctl_noop\fR(struct remctl *\fIr\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_noop()\fR sends a \s-1NOOP\s0 message to a remctl server and reads the
+\&\fBremctl_noop()\fR sends a \s-1NOOP\s0 message to a remctl server and reads the
 expected \s-1NOOP\s0 response.  This is primarily used to keep a connection to a
 remctl server alive, such as through a firewall with a session timeout,
 while waiting to issue further commands.
@@ -152,11 +156,11 @@ The \s-1NOOP\s0 message requires protocol version 3 support in the server, so th
 caller should be prepared for this function to fail, indicating that the
 connection could not be kept alive and possibly that it was closed by the
 server.  In this case, the client will need to explicitly reopen the
-connection with \fIremctl_open()\fR.
+connection with \fBremctl_open()\fR.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_noop()\fR returns true on success and false on failure.  On failure,
-the caller should call \fIremctl_error()\fR to retrieve the error message.  In
+\&\fBremctl_noop()\fR returns true on success and false on failure.  On failure,
+the caller should call \fBremctl_error()\fR to retrieve the error message.  In
 addition to network errors, this function may fail if the server doesn't
 support protocol version 3.
 .SH "COMPATIBILITY"
@@ -178,7 +182,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_command\fR\|(3), \fIremctl_error\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_command\fR\|(3), \fBremctl_error\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_open.3 b/docs/api/remctl_open.3
index 12feb8a..1825fbc 100644
--- a/docs/api/remctl_open.3
+++ b/docs/api/remctl_open.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_OPEN 3"
-.TH REMCTL_OPEN 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_OPEN 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -156,9 +160,9 @@ int \fBremctl_open_fd\fR(struct remctl *\fIr\fR, const char *\fIhost\fR,
                       int \fIfd\fR, const char *\fIprincipal\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_open()\fR opens a \s-1TCP\s0 connection to the given \fIhost\fR on the given
+\&\fBremctl_open()\fR opens a \s-1TCP\s0 connection to the given \fIhost\fR on the given
 \&\fIport\fR and then authenticates using the remctl protocol and the service
-principal \fIprincipal\fR.  \fIr\fR is a remctl struct created via \fIremctl_new()\fR.
+principal \fIprincipal\fR.  \fIr\fR is a remctl struct created via \fBremctl_new()\fR.
 \&\fIhost\fR must not be \s-1NULL.\s0  If \fIport\fR is 0, the library first attempts to
 connect to the registered port of 4373 and then tries the legacy port of
 4444 if that fails.  Future versions of the library will drop this
@@ -166,16 +170,16 @@ fallback to 4444.  If \fIprincipal\fR is \s-1NULL,\s0 a service principal of
 \&\f(CW\*(C`host/\f(CIhost\f(CW\*(C'\fR is used, with the realm determined by domain-realm
 mapping.
 .PP
-\&\fIremctl_open_addrinfo()\fR operates in the same manner as \fIremctl_open()\fR, but
+\&\fBremctl_open_addrinfo()\fR operates in the same manner as \fBremctl_open()\fR, but
 connects to the first usable address in \fIai\fR, which must be a list of
-results as returned by \fIgetaddrinfo\fR\|(3).  The \fIhost\fR is used only to form
+results as returned by \fBgetaddrinfo\fR\|(3).  The \fIhost\fR is used only to form
 the default service principal, and may be \s-1NULL\s0 if \fIprincipal\fR is not \s-1NULL.\s0
 .PP
-\&\fIremctl_open_sockaddr()\fR is equivalent to \fIremctl_open_addrinfo()\fR with a
+\&\fBremctl_open_sockaddr()\fR is equivalent to \fBremctl_open_addrinfo()\fR with a
 single addrinfo structure specifying the use of \s-1TCP\s0 with socket address
 \&\fIaddr\fR and length \fIaddrlen\fR.
 .PP
-\&\fIremctl_open_fd()\fR operates in the same manner as \fIremctl_open_addrinfo()\fR,
+\&\fBremctl_open_fd()\fR operates in the same manner as \fBremctl_open_addrinfo()\fR,
 but uses an already-established \s-1TCP\s0 connection identified by the file
 descriptor \fIfd\fR.  On Windows, \fIfd\fR is of type \f(CW\*(C`SOCKET\*(C'\fR and must be
 a valid socket descriptor.
@@ -187,25 +191,25 @@ principal disables this behavior.
 .PP
 The remctl protocol uses Kerberos via GSS-API for authentication.  The
 underlying GSS-API library will use the default ticket cache for
-authentication, so to successfully use \fIremctl_open()\fR, the caller should
+authentication, so to successfully use \fBremctl_open()\fR, the caller should
 already have Kerberos tickets for an appropriate realm stored in its
 default ticket cache.  The environment variable \s-1KRB5CCNAME\s0 or the
-\&\fIremctl_set_ccache\fR\|(3) function can be used to control which ticket cache
+\&\fBremctl_set_ccache\fR\|(3) function can be used to control which ticket cache
 is used.
 .PP
 To control the timeout for the connect and for subsequent calls, see the
-\&\fIremctl_set_timeout\fR\|(3) function.  To control the source \s-1IP\s0 used by
-\&\fIremctl_open()\fR, \fIremctl_open_addrinfo()\fR, and \fIremctl_open_sockaddr()\fR, see the
-\&\fIremctl_set_source_ip\fR\|(3) function.
+\&\fBremctl_set_timeout\fR\|(3) function.  To control the source \s-1IP\s0 used by
+\&\fBremctl_open()\fR, \fBremctl_open_addrinfo()\fR, and \fBremctl_open_sockaddr()\fR, see the
+\&\fBremctl_set_source_ip\fR\|(3) function.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_open()\fR returns true on success and false on failure.  On failure,
-the caller should call \fIremctl_error()\fR to retrieve the error message.
+\&\fBremctl_open()\fR returns true on success and false on failure.  On failure,
+the caller should call \fBremctl_error()\fR to retrieve the error message.
 .SH "COMPATIBILITY"
 .IX Header "COMPATIBILITY"
-The \fIremctl_open()\fR interface has been provided by the remctl client library
-since its initial release in version 2.0.  \fIremctl_open_addrinfo()\fR,
-\&\fIremctl_open_sockaddr()\fR, and \fIremctl_open_fd()\fR were added in version 3.4.
+The \fBremctl_open()\fR interface has been provided by the remctl client library
+since its initial release in version 2.0.  \fBremctl_open_addrinfo()\fR,
+\&\fBremctl_open_sockaddr()\fR, and \fBremctl_open_fd()\fR were added in version 3.4.
 .PP
 The default port was changed to the IANA-registered port of 4373 in
 version 2.11.
@@ -213,10 +217,10 @@ version 2.11.
 Support for IPv6 was added in version 2.4.
 .SH "CAVEATS"
 .IX Header "CAVEATS"
-If the \fIprincipal\fR argument to \fIremctl_open()\fR is \s-1NULL,\s0 most GSS-API
+If the \fIprincipal\fR argument to \fBremctl_open()\fR is \s-1NULL,\s0 most GSS-API
 libraries will canonicalize the \fIhost\fR using \s-1DNS\s0 before deriving the
 principal name from it.  This means that when connecting to a remctl
-server via a \s-1CNAME,\s0 \fIremctl_open()\fR will normally authenticate using a
+server via a \s-1CNAME,\s0 \fBremctl_open()\fR will normally authenticate using a
 principal based on the canonical name of the host instead of the specified
 \&\fIhost\fR parameter.  This behavior may cause problems if two consecutive
 \&\s-1DNS\s0 lookups of \fIhost\fR may return two different results, such as with some
@@ -228,7 +232,7 @@ setting \f(CW\*(C`rdns\*(C'\fR to false in the [libdefaults] section of \fIkrb5.
 can also be disabled by passing an explicit Kerberos principal name via
 the \fIprincipal\fR argument, which will then be used without changes.  If
 canonicalization is desired, the caller may wish to canonicalize \fIhost\fR
-before calling \fIremctl_open()\fR to avoid problems with multiple \s-1DNS\s0 calls
+before calling \fBremctl_open()\fR to avoid problems with multiple \s-1DNS\s0 calls
 returning different results.
 .PP
 The default behavior, when a port of 0 is given, of trying 4373 and
@@ -237,8 +241,8 @@ in favor of using the \f(CW\*(C`remctl\*(C'\fR service in \fI/etc/services\fR if
 then falling back on only 4373.  4444 was the poorly-chosen original
 remctl port and should be phased out.
 .PP
-Connections established using the alternate-open interfaces \fIremctl_open_fd()\fR,
-\&\fIremctl_open_addrinfo()\fR, and \fIremctl_open_sockaddr()\fR do not support the
+Connections established using the alternate-open interfaces \fBremctl_open_fd()\fR,
+\&\fBremctl_open_addrinfo()\fR, and \fBremctl_open_sockaddr()\fR do not support the
 automatic connection-reopening which is used to give the illusion of a
 single long-lived connection when sending multiple commands to a server
 which supports only version 1 of the remctl protocol.  Therefore, when
@@ -265,8 +269,8 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_error\fR\|(3), \fIremctl_set_ccache\fR\|(3),
-\&\fIremctl_set_source_ip\fR\|(3), \fIremctl_set_timeout\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_error\fR\|(3), \fBremctl_set_ccache\fR\|(3),
+\&\fBremctl_set_source_ip\fR\|(3), \fBremctl_set_timeout\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_output.3 b/docs/api/remctl_output.3
index 4cc5f97..e5ca9d5 100644
--- a/docs/api/remctl_output.3
+++ b/docs/api/remctl_output.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_OUTPUT 3"
-.TH REMCTL_OUTPUT 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_OUTPUT 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,10 +147,10 @@ remctl_output \- Retrieve the results of a remctl command
 struct remctl_output *\fBremctl_output\fR(struct remctl *\fIr\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_output()\fR retrieves the next output token from the remote remctl
-server.  \fIr\fR is a remctl client object created with \fIremctl_new()\fR, which
-should have previously been used as the argument to \fIremctl_open()\fR and then
-either \fIremctl_command()\fR or \fIremctl_commandv()\fR.
+\&\fBremctl_output()\fR retrieves the next output token from the remote remctl
+server.  \fIr\fR is a remctl client object created with \fBremctl_new()\fR, which
+should have previously been used as the argument to \fBremctl_open()\fR and then
+either \fBremctl_command()\fR or \fBremctl_commandv()\fR.
 .PP
 The returned remctl_output struct has the following members:
 .PP
@@ -175,8 +179,8 @@ of type \s-1REMCTL_OUT_ERROR.\s0  A successful command will return zero or more
 \&\s-1REMCTL_OUT_OUTPUT\s0 tokens representing the output of the command followed
 by a \s-1REMCTL_OUT_STATUS\s0 token giving the exit status of the command.
 Therefore, for each command issued, the caller should call
-\&\fIremctl_command()\fR or \fIremctl_commandv()\fR and then call \fIremctl_output()\fR
-repeatedly to retrieve each output token until \fIremctl_output()\fR returns a
+\&\fBremctl_command()\fR or \fBremctl_commandv()\fR and then call \fBremctl_output()\fR
+repeatedly to retrieve each output token until \fBremctl_output()\fR returns a
 token of type \s-1REMCTL_OUT_ERROR\s0 or \s-1REMCTL_OUT_STATUS.\s0
 .PP
 A \s-1REMCTL_OUT_OUTPUT\s0 token will have data in the data field, whose length
@@ -199,7 +203,7 @@ not be localized, and should not be used for programmatic comparisons.
 For the possible error code values and their meanings, see the remctl
 protocol specification.
 .PP
-If \fIremctl_output()\fR is called when there is no pending output from the
+If \fBremctl_output()\fR is called when there is no pending output from the
 remote server (after a \s-1REMCTL_OUT_ERROR\s0 or \s-1REMCTL_OUT_STATUS\s0 token has
 already been returned, for example), a token of type \s-1REMCTL_OUT_DONE\s0 will
 be returned.  \s-1REMCTL_OUT_DONE\s0 tokens do not use any of the other fields of
@@ -207,13 +211,13 @@ the remctl_output struct.
 .PP
 The returned remctl_output struct must not be freed by the caller.  It
 will be invalidated on any subsequent call to any other remctl \s-1API\s0
-function other than \fIremctl_error()\fR on the same remctl client object; the
+function other than \fBremctl_error()\fR on the same remctl client object; the
 caller should therefore copy out of the remctl_output struct any data it
 wishes to preserve before making any subsequent remctl \s-1API\s0 calls.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_output()\fR returns a pointer to a remctl_output struct on success and
-\&\s-1NULL\s0 on failure.  On failure, the caller should call \fIremctl_error()\fR to
+\&\fBremctl_output()\fR returns a pointer to a remctl_output struct on success and
+\&\s-1NULL\s0 on failure.  On failure, the caller should call \fBremctl_error()\fR to
 retrieve the error message.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
@@ -231,8 +235,8 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_command\fR\|(3), \fIremctl_commandv\fR\|(3),
-\&\fIremctl_error\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_command\fR\|(3), \fBremctl_commandv\fR\|(3),
+\&\fBremctl_error\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_set_ccache.3 b/docs/api/remctl_set_ccache.3
index dc0a2cb..548d3f3 100644
--- a/docs/api/remctl_set_ccache.3
+++ b/docs/api/remctl_set_ccache.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_SET_CCACHE 3"
-.TH REMCTL_SET_CCACHE 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_SET_CCACHE 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,9 +147,9 @@ remctl_set_ccache \- Set credential cache for remctl client connections
 int \fBremctl_set_ccache\fR(struct remctl *\fIr\fR, const char *\fIccache\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_set_ccache()\fR tells the the remctl client library to use \fIccache\fR
+\&\fBremctl_set_ccache()\fR tells the the remctl client library to use \fIccache\fR
 as the credential cache for authentication to a remctl server.  It will
-affect any subsequent \fIremctl_open()\fR calls on the same struct remctl object
+affect any subsequent \fBremctl_open()\fR calls on the same struct remctl object
 (and may have broader effects; see \s-1WARNINGS\s0 below).  \fIccache\fR is
 normally a path to a file in the file system that holds Kerberos
 credentials, but may take other values depending on the underlying
@@ -157,8 +161,8 @@ call this function or check whether that environment variable is set
 first.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_set_ccache()\fR returns true on success and false on failure.  On
-failure, the caller should call \fIremctl_error()\fR to retrieve the error
+\&\fBremctl_set_ccache()\fR returns true on success and false on failure.  On
+failure, the caller should call \fBremctl_error()\fR to retrieve the error
 message.
 .PP
 This function will always return failure if the underlying GSS-API
@@ -187,15 +191,15 @@ underlying library rather than some other cause.
 .IX Header "COMPATIBILITY"
 This interface was added in version 3.0, but that version would always
 change the ticket cache used by all GSS-API calls in the same process.
-Support for the \fIgss_krb5_import_cred()\fR method of isolating the changed
+Support for the \fBgss_krb5_import_cred()\fR method of isolating the changed
 ticket cache to only this remctl client object was added in version 3.5.
 .SH "WARNINGS"
 .IX Header "WARNINGS"
 The effect of this function is only localized to this specific remctl
 client context if the remctl client library was built against a Kerberos
 as well as GSS-API library and the GSS-API library supported
-\&\fIgss_krb5_import_cred()\fR.  Otherwise, it falls back to calling
-\&\fIgss_krb5_ccache_name()\fR, which sets the credential cache used by the
+\&\fBgss_krb5_import_cred()\fR.  Otherwise, it falls back to calling
+\&\fBgss_krb5_ccache_name()\fR, which sets the credential cache used by the
 underlying GSS-API library for every GSS-API operation in the current
 execution context (process or thread), not just for this remctl object or
 even just for remctl operations.  This function may therefore change
@@ -217,7 +221,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_error\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_error\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_set_source_ip.3 b/docs/api/remctl_set_source_ip.3
index 3f03551..e17b874 100644
--- a/docs/api/remctl_set_source_ip.3
+++ b/docs/api/remctl_set_source_ip.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_SET_SOURCE_IP 3"
-.TH REMCTL_SET_SOURCE_IP 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_SET_SOURCE_IP 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,9 +147,9 @@ remctl_set_source_ip \- Set source IP for remctl client connections
 int \fBremctl_set_source_ip\fR(struct remctl *\fIr\fR, const char *\fIsource\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_set_source_ip()\fR sets the source \s-1IP\s0 address for subsequent calls to
-\&\fIremctl_open()\fR on the same struct remctl object.  Call this function before
-\&\fIremctl_open()\fR if remctl client connections need to come from a specific
+\&\fBremctl_set_source_ip()\fR sets the source \s-1IP\s0 address for subsequent calls to
+\&\fBremctl_open()\fR on the same struct remctl object.  Call this function before
+\&\fBremctl_open()\fR if remctl client connections need to come from a specific
 source \s-1IP.\s0
 .PP
 The \fIsource\fR parameter may be an IPv4 or IPv6 address (assuming the host
@@ -154,11 +158,11 @@ supports IPv6).
 Be aware that if you set an IPv4 source address and then attempt to
 connect to an IPv6 address or IPv6\-only host, or if you set an IPv6
 address and then attempt to connect to an IPv4 address or IPv4\-only host,
-you will get a connection failure error from \fIremctl_open()\fR.
+you will get a connection failure error from \fBremctl_open()\fR.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_set_source_ip()\fR returns true on success and false on failure.  On
-failure, the caller should call \fIremctl_error()\fR to retrieve the error
+\&\fBremctl_set_source_ip()\fR returns true on success and false on failure.  On
+failure, the caller should call \fBremctl_error()\fR to retrieve the error
 message.
 .SH "COMPATIBILITY"
 .IX Header "COMPATIBILITY"
@@ -179,7 +183,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_error\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_error\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/api/remctl_set_timeout.3 b/docs/api/remctl_set_timeout.3
index cb839bf..236e829 100644
--- a/docs/api/remctl_set_timeout.3
+++ b/docs/api/remctl_set_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL_SET_TIMEOUT 3"
-.TH REMCTL_SET_TIMEOUT 3 "2018-05-05" "3.15" "remctl Library Reference"
+.TH REMCTL_SET_TIMEOUT 3 "2019-10-26" "3.16" "remctl Library Reference"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -143,12 +147,12 @@ remctl_set_timeout \- Set timeout for subsequent remctl client operations
 int \fBremctl_set_timeout\fR(struct remctl *\fIr\fR, time_t \fItimeout\fR);
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
-\&\fIremctl_set_timeout()\fR sets the timeout for connections and commands to
+\&\fBremctl_set_timeout()\fR sets the timeout for connections and commands to
 \&\fItimeout\fR, which should be an integer number of seconds.  \fItimeout\fR may
 be 0 to clear a timeout that was previously set and restore the default
 behavior of having no timeout.  All subsequent operations on the given
 struct remctl argument will be subject to this timeout, including
-\&\fIremctl_open()\fR if called prior to calling \fIremctl_open()\fR.
+\&\fBremctl_open()\fR if called prior to calling \fBremctl_open()\fR.
 .PP
 The timeout is a timeout on network activity from the server, not on a
 complete operation.  So, for example, a timeout of ten seconds just
@@ -157,9 +161,9 @@ sends only tiny amounts of data at a time, the complete operation could
 take much longer than ten seconds without triggering the timeout.
 .SH "RETURN VALUE"
 .IX Header "RETURN VALUE"
-\&\fIremctl_set_timeout()\fR returns true on success and false on failure.  The
+\&\fBremctl_set_timeout()\fR returns true on success and false on failure.  The
 only failure case is if \fItimeout\fR is negative.  On failure, the caller
-should call \fIremctl_error()\fR to retrieve the error message.
+should call \fBremctl_error()\fR to retrieve the error message.
 .SH "COMPATIBILITY"
 .IX Header "COMPATIBILITY"
 This interface was added in version 3.1.
@@ -179,8 +183,8 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl_new\fR\|(3), \fIremctl_command\fR\|(3), \fIremctl_open\fR\|(3), \fIremctl_output\fR\|(3),
-\&\fIremctl_error\fR\|(3)
+\&\fBremctl_new\fR\|(3), \fBremctl_command\fR\|(3), \fBremctl_open\fR\|(3), \fBremctl_output\fR\|(3),
+\&\fBremctl_error\fR\|(3)
 .PP
 The current version of the remctl library and complete details of the
 remctl protocol are available from its web page at
diff --git a/docs/metadata/debian/summary b/docs/metadata/debian/summary
new file mode 100644
index 0000000..8316a52
--- /dev/null
+++ b/docs/metadata/debian/summary
@@ -0,0 +1,10 @@
+Debian packages are available from Debian as of Debian 3.1 (sarge).  For
+Debian 4.0 (etch) and later, install remctl-server for the server and
+remctl-client for the client.  (The sarge release had a single remctl
+package that contained both.)
+
+The Net::Remctl Perl module is available in Debian 5.0 (lenny) and newer;
+install libnet-remctl-perl for it.  The PHP bindings (php5-remctl), Python
+bindings (python-remctl), and Ruby bindings (ruby-remctl) are available in
+Debian 6.0 (squeeze) and newer.  The Ruby bindings package is named
+libremctl-ruby in Debian versions before 7.0 (wheezy).
diff --git a/docs/metadata/metadata.json b/docs/metadata/metadata.json
index 03c3ea0..ba2802e 100644
--- a/docs/metadata/metadata.json
+++ b/docs/metadata/metadata.json
@@ -1,6 +1,6 @@
 {
     "name": "remctl",
-    "version": "3.15",
+    "version": "3.16",
     "synopsis": "remote authenticated command execution with ACLs",
     "maintainer": "Russ Allbery <eagle@eyrie.org>",
     "copyrights": [
@@ -65,6 +65,18 @@
     "docs": {
         "user": [
             {
+                "name": "remctl",
+                "title": "remctl manual page",
+            },
+            {
+                "name": "remctl-shell",
+                "title": "remctl-shell manual page",
+            },
+            {
+                "name": "remctld",
+                "title": "remctld manual page",
+            },
+            {
                 "name": "java-readme",
                 "title": "Java client and server README",
             },
@@ -81,18 +93,6 @@
                 "title": "Ruby bindings README",
             },
             {
-                "name": "remctl",
-                "title": "remctl manual page",
-            },
-            {
-                "name": "remctl-shell",
-                "title": "remctl-shell manual page",
-            },
-            {
-                "name": "remctld",
-                "title": "remctld manual page",
-            },
-            {
                 "name": "thanks",
                 "title": "Thanks and credits",
             },
diff --git a/docs/metadata/packaging/extra b/docs/metadata/packaging/extra
new file mode 100644
index 0000000..2be114e
--- /dev/null
+++ b/docs/metadata/packaging/extra
@@ -0,0 +1,5 @@
+For those using Puppet, there is a
+[Puppet module](https://forge.puppetlabs.com/ccin2p3/remctl)
+available for installing the remctl server and managing server
+configurations.  This was written and is maintained by the IN2P3 Computing
+Centre; see that page for more information.
diff --git a/docs/metadata/requirements b/docs/metadata/requirements
index 83bc59e..b81f184 100644
--- a/docs/metadata/requirements
+++ b/docs/metadata/requirements
@@ -36,8 +36,9 @@ or later and phpize, plus any other programs that phpize requires.  PHP
 only tested on PHP 7.x and later.
 
 To build the Python bindings for the C client library, you will need
-Python 2.3 or later (primarily tested with Python 2.7).  Python 3 is not
-(yet) supported.
+Python 2.7, or Python 3.1 or later.  You will also need the setuptools,
+pytest, and pytest-runner modules and, for Python 2, the typing module.
+Earlier versions may work back to possibly Python 2.3, but are not tested.
 
 To build the Ruby bindings for the C client library, you will need Ruby
 1.8 or later (primarily tested with 2.5 and later).
diff --git a/docs/protocol.html b/docs/protocol.html
index 823cd4b..d43b026 100644
--- a/docs/protocol.html
+++ b/docs/protocol.html
@@ -391,7 +391,7 @@
 <link href="#rfc.authors" rel="Chapter">
 
 
-  <meta name="generator" content="xml2rfc version 2.9.6 - https://tools.ietf.org/tools/xml2rfc" />
+  <meta name="generator" content="xml2rfc version 2.32.0 - https://tools.ietf.org/tools/xml2rfc" />
   <link rel="schema.dct" href="http://purl.org/dc/terms/" />
 
   <meta name="dct.creator" content="Allbery, R." />
diff --git a/docs/remctl-shell.8.in b/docs/remctl-shell.8.in
index 136679c..63b27e6 100644
--- a/docs/remctl-shell.8.in
+++ b/docs/remctl-shell.8.in
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL-SHELL 8"
-.TH REMCTL-SHELL 8 "2018-05-05" "3.15" "remctl"
+.TH REMCTL-SHELL 8 "2019-10-26" "3.16" "remctl"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -160,7 +164,7 @@ that holds connections open for multiple commands.
 .PP
 \&\fBremctl-shell\fR is designed to mimic the behavior of \fBremctld\fR and uses
 the same configuration syntax and environment variables.  See
-\&\*(L"\s-1CONFIGURATION FILE\*(R"\s0 in \fIremctld\fR\|(8) for configuration information and
+\&\*(L"\s-1CONFIGURATION FILE\*(R"\s0 in \fBremctld\fR\|(8) for configuration information and
 \&\s-1ENVIRONMENT\s0 below for more specific details about environment variable
 handling.  The location of the configuration file may be specified with
 the \fB\-f\fR option.  The default location is \fI\f(CI@sysconfdir\fI@/remctl.conf\fR.
@@ -494,7 +498,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctld\fR\|(8), \fIsshd\fR\|(8)
+\&\fBremctld\fR\|(8), \fBsshd\fR\|(8)
 .PP
 The current version of this program is available from its web page at
 <https://www.eyrie.org/~eagle/software/remctl/>.
diff --git a/docs/remctl.1 b/docs/remctl.1
index 2902370..e65af55 100644
--- a/docs/remctl.1
+++ b/docs/remctl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTL 1"
-.TH REMCTL 1 "2018-05-05" "3.15" "remctl"
+.TH REMCTL 1 "2019-10-26" "3.16" "remctl"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -139,7 +143,7 @@ remctl \- Remote execution tool
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
 remctl [\fB\-dhv\fR] [\fB\-b\fR \fIsource-ip\fR] [\fB\-p\fR \fIport\fR] [\fB\-s\fR \fIservice\fR]
-    \fIhost\fR \fIcommand\fR [\fIsubcommand\fR [\fIparameters\fR ...]]
+    [\fB\-t\fR \fItimeout\fR] \fIhost\fR \fIcommand\fR [\fIsubcommand\fR [\fIparameters\fR ...]]
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 \&\fBremctl\fR is a program that allows a user to execute commands remotely on
@@ -185,6 +189,16 @@ on the legacy port (4444) if that fails.
 rather than the default server identity of host/\fIhostname\fR.  This may be
 necessary with, for instance, a server where \fBremctld\fR is not running as
 root.
+.IP "\fB\-t\fR \fItimeout\fR" 4
+.IX Item "-t timeout"
+[3.16] Set the timeout for all network operations to \fItimeout\fR (in
+seconds).
+.Sp
+This is a timeout on network activity, not on a complete operation; for
+example, a timeout of ten seconds just requires that the server send some
+data at least every ten seconds.  If the server sends only tiny amounts of
+data at a time, the complete operation could take much longer without
+triggering the timeout.
 .IP "\fB\-v\fR" 4
 .IX Item "-v"
 [1.10] Print the version of \fBremctl\fR and exit.
@@ -226,7 +240,7 @@ only speak version one of the remctl protocol, \fBremctl\fR may have problems
 with \s-1MIC\s0 verification.  This doesn't affect new clients and servers since
 the version two protocol doesn't use MICs.  If you are using Heimdal and
 run into \s-1MIC\s0 verification problems, see the \s-1COMPATIBILITY\s0 section of
-\&\fIgssapi\fR\|(3).
+\&\fBgssapi\fR\|(3).
 .SH "NOTES"
 .IX Header "NOTES"
 The remctl port number, 4373, was derived by tracing the diagonals of a
@@ -237,6 +251,8 @@ The remctl port number, 4373, was derived by tracing the diagonals of a
 maintenance are done by Russ Allbery <eagle@eyrie.org>.
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
+Copyright 2018 Russ Allbery <eagle@eyrie.org>
+.PP
 Copyright 2002\-2011, 2014 The Board of Trustees of the Leland Stanford
 Junior University
 .PP
@@ -248,7 +264,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIkinit\fR\|(1), \fIremctld\fR\|(8)
+\&\fBkinit\fR\|(1), \fBremctld\fR\|(8)
 .PP
 The current version of this program is available from its web page at
 <https://www.eyrie.org/~eagle/software/remctl/>.
diff --git a/docs/remctl.pod b/docs/remctl.pod
index 668a416..df7db0c 100644
--- a/docs/remctl.pod
+++ b/docs/remctl.pod
@@ -11,7 +11,7 @@ remctl - Remote execution tool
 =head1 SYNOPSIS
 
 remctl [B<-dhv>] [B<-b> I<source-ip>] [B<-p> I<port>] [B<-s> I<service>]
-    I<host> I<command> [I<subcommand> [I<parameters> ...]]
+    [B<-t> I<timeout>] I<host> I<command> [I<subcommand> [I<parameters> ...]]
 
 =head1 DESCRIPTION
 
@@ -67,6 +67,17 @@ rather than the default server identity of host/I<hostname>.  This may be
 necessary with, for instance, a server where B<remctld> is not running as
 root.
 
+=item B<-t> I<timeout>
+
+[3.16] Set the timeout for all network operations to I<timeout> (in
+seconds).
+
+This is a timeout on network activity, not on a complete operation; for
+example, a timeout of ten seconds just requires that the server send some
+data at least every ten seconds.  If the server sends only tiny amounts of
+data at a time, the complete operation could take much longer without
+triggering the timeout.
+
 =item B<-v>
 
 [1.10] Print the version of B<remctl> and exit.
@@ -126,6 +137,8 @@ maintenance are done by Russ Allbery <eagle@eyrie.org>.
 
 =head1 COPYRIGHT AND LICENSE
 
+Copyright 2018 Russ Allbery <eagle@eyrie.org>
+
 Copyright 2002-2011, 2014 The Board of Trustees of the Leland Stanford
 Junior University
 
@@ -135,7 +148,7 @@ this notice are preserved.  This file is offered as-is, without any
 warranty.
 
 SPDX-License-Identifier: FSFAP
-  
+
 =head1 SEE ALSO
 
 kinit(1), remctld(8)
diff --git a/docs/remctld.8.in b/docs/remctld.8.in
index 70f9955..fc6be4f 100644
--- a/docs/remctld.8.in
+++ b/docs/remctld.8.in
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -54,16 +54,20 @@
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+.    if \nF \{\
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
-.    if !\nF==2 \{\
-.        nr % 0
-.        nr F 2
+.        if !\nF==2 \{\
+.            nr % 0
+.            nr F 2
+.        \}
 .    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "REMCTLD 8"
-.TH REMCTLD 8 "2018-05-05" "3.15" "remctl"
+.TH REMCTLD 8 "2019-10-26" "3.16" "remctl"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -425,7 +429,7 @@ of service discovery.  Also see the \f(CW\*(C`help\*(C'\fR option.
 .IX Item "user=(username | uid)"
 [3.1] Run this command as the specified user, which can be given as either
 a username or as a \s-1UID.\s0  Even if given as a \s-1UID,\s0 the user must be found in
-the user database (searched via \fIgetpwuid\fR\|(3)).  \fBremctld\fR will run the
+the user database (searched via \fBgetpwuid\fR\|(3)).  \fBremctld\fR will run the
 command as the specified user, including that user's primary and
 supplemental groups.
 .RE
@@ -529,7 +533,7 @@ alone does not grant access to anyone, and using deny on itself as in
 .IP "gput" 4
 .IX Item "gput"
 [2.13] This method is used to grant access based on the \s-1CMU GPUT\s0 (Global
-Privileged User Table \*(-- see \fIgput\fR\|(5)).  The data is either a \s-1GPUT\s0 role
+Privileged User Table \*(-- see \fBgput\fR\|(5)).  The data is either a \s-1GPUT\s0 role
 name or a string of the form \fIgroup\fR[\fIxform\fR], where \fIgroup\fR is a \s-1GPUT\s0
 role name and \fIxform\fR is a \s-1GPUT\s0 transform string.  Access is granted if
 the user is a member of the specified \s-1GPUT\s0 group, after applying either
@@ -542,14 +546,14 @@ by using the \f(CW\*(C`\-\-with\-gput\*(C'\fR configure option.
 [3.9] This method is used to grant or deny access based on membership in
 local \s-1UNIX\s0 groups.  The data is taken to be a name of a local system
 group.  The user principal is converted to a local user name
-with \fIkrb5_aname_to_localname\fR\|(3) and then compared to the members of the
+with \fBkrb5_aname_to_localname\fR\|(3) and then compared to the members of the
 given group.
 .Sp
 For example, to allow access to the members of group \f(CW\*(C`goodguys\*(C'\fR, use an
 \&\s-1ACL\s0 of \f(CW\*(C`localgroup:goodguys\*(C'\fR syntax.  To deny access to the members of
 group \f(CW\*(C`badguys\*(C'\fR, use \f(CW\*(C`deny:localgroup:badguys\*(C'\fR.
 .Sp
-\&\fIkrb5_aname_to_localname()\fR follows local configuration rules to determine
+\&\fBkrb5_aname_to_localname()\fR follows local configuration rules to determine
 how to convert Kerberos principal to local users.  If the realm of the
 principal is not in a local realm and is not otherwise covered by one of
 those rules, the principal will be unchanged, which will almost certainly
@@ -557,7 +561,7 @@ mean that it will not be a member of any local group and access will be
 denied.
 .Sp
 This method is supported only if \fBremctld\fR was built with Kerberos
-support and the \fIgetgrnam_r\fR\|(3) library function was supported by the C
+support and the \fBgetgrnam_r\fR\|(3) library function was supported by the C
 library when it was built.
 .IP "pcre" 4
 .IX Item "pcre"
@@ -604,13 +608,13 @@ stand-alone mode (\fB\-m\fR):
 If these environment variables are set, \fBremctld\fR will expect to be
 provided its listening sockets via the systemd socket activation protocol
 and will not attempt to bind its own sockets.  For more details on the
-protocol, see \fIdaemon\fR\|(7) and \fIsd_listen_fds\fR\|(3).
+protocol, see \fBdaemon\fR\|(7) and \fBsd_listen_fds\fR\|(3).
 .IP "\s-1NOTIFY_SOCKET\s0" 4
 .IX Item "NOTIFY_SOCKET"
 If this environment variable is set, \fBremctld\fR will notify the socket
 named in this variable when it is ready to accept incoming packets using
 the systemd status notification protocol.  For more details, see
-\&\fIdaemon\fR\|(7) and \fIsd_notify\fR\|(3).
+\&\fBdaemon\fR\|(7) and \fBsd_notify\fR\|(3).
 .Sp
 Note that using socket activation is recommended when running under
 systemd in stand-alone mode, and status notification is not necessary or
@@ -780,7 +784,7 @@ only speak version one of the remctl protocol, \fBremctld\fR may have
 problems with \s-1MIC\s0 verification.  This doesn't affect new clients and
 servers since the version two protocol doesn't use MICs.  If you are using
 Heimdal and run into \s-1MIC\s0 verification problems, see the \s-1COMPATIBILITY\s0
-section of \fIgssapi\fR\|(3).
+section of \fBgssapi\fR\|(3).
 .PP
 \&\fBremctld\fR does not itself impose any limits on the number of child
 processes or other system resources.  You may want to set resource limits
@@ -813,7 +817,7 @@ warranty.
 SPDX-License-Identifier: \s-1FSFAP\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-\&\fIremctl\fR\|(1), \fIsyslog\fR\|(3), \fItcpserver\fR\|(1)
+\&\fBremctl\fR\|(1), \fBsyslog\fR\|(3), \fBtcpserver\fR\|(1)
 .PP
 The current version of this program is available from its web page at
 <https://www.eyrie.org/~eagle/software/remctl/>.
author	Russ Allbery <eagle@eyrie.org>	2019-10-26 12:13:46 -0700
committer	Russ Allbery <eagle@eyrie.org>	2019-10-26 12:13:46 -0700
commit	fc5a07a35d43c8e83bf9abcdcdb08617fb1e5f84 (patch)
tree	7621e468a592d70218b98b737c58eec80b80454a /docs
parent	a44706681f19d3209f79d059060ca3003db27e4f (diff)
parent	76c42d785152a1b25c8e6fedca827511b3e68cfd (diff)