mdoc(ng) fixes

Submitted by:	ru

22 files changed, 128 insertions, 145 deletions

diff --git a/crypto/kerberosIV/lib/roken/getarg.3 b/crypto/kerberosIV/lib/roken/getarg.3
index 78a88028caf4..fc4ca83c29a1 100644
--- a/crypto/kerberosIV/lib/roken/getarg.3
+++ b/crypto/kerberosIV/lib/roken/getarg.3
@@ -9,13 +9,10 @@
 .Nd collect command line options
 .Sh SYNOPSIS
 .Fd #include <getarg.h>
-
 .Ft int
 .Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind"
-
 .Ft void
 .Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string"
-
 .Sh DESCRIPTION
 .Fn getarg
 collects any command line options given to a program in an easily used way. 
@@ -45,7 +42,8 @@ take the same
 and
 .Fa num_args
 as getarg;
-.Fa progname is the name of the program (to be used in the help text), and 
+.Fa progname
+is the name of the program (to be used in the help text), and 
 .Fa extra_string
 is a string to print after the actual options to indicate more
 arguments. The usefulness of this function is realised only be people
@@ -55,7 +53,6 @@ the code does.
 The
 .Fa getargs
 struct has the following elements.
-
 .Bd -literal
 struct getargs{
     const char *long_name;
@@ -176,7 +173,7 @@ and
 .Fa *optarg ,
 but to do this correct you (more or less) have to know about the inner
 workings of getarg.
- 
+.Pp 
 You can skip parts of arguments by increasing
 .Fa *optarg
 (you could
@@ -233,8 +230,6 @@ and if you're really confused you can do it multiple times
 .Pf ( Fl -no-no-help= Ns Ar false ,
 or even 
 .Fl -no-no-help= Ns Ar maybe ) .
-
-.Pp
 .Sh EXAMPLE
 .Bd -literal
 #include <stdio.h>
@@ -276,11 +271,11 @@ main(int argc, char **argv)
 	exit (0);
     }
     if (destination == NULL) {
-	fprintf(stderr, "%s: must specify destination\n", progname);
+	fprintf(stderr, "%s: must specify destination\en", progname);
 	exit(1);
     }
     if (strcmp(source, destination) == 0) {
-	fprintf(stderr, "%s: destination must be different from source\n");
+	fprintf(stderr, "%s: destination must be different from source\en");
 	exit(1);
     }
     /* include more stuff here ... */
@@ -298,7 +293,6 @@ Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city]
 -w tons, --weight=tons      weight of shippment
 -c, --no-catalog            include product catalog
 .Ed
-
 .Sh BUGS
 It should be more flexible, so it would be possible to use other more
 complicated option syntaxes, such as what
diff --git a/crypto/kerberosIV/man/afslog.1 b/crypto/kerberosIV/man/afslog.1
index 625f83130a03..5202a71bb63e 100644
--- a/crypto/kerberosIV/man/afslog.1
+++ b/crypto/kerberosIV/man/afslog.1
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm afslog
-.Nd
-obtains AFS tokens for specified cells
+.Nd "obtains AFS tokens for specified cells"
 .Sh SYNOPSIS
 .Nm
 .Op Fl d
diff --git a/crypto/kerberosIV/man/ftp.1 b/crypto/kerberosIV/man/ftp.1
index e5c21f096145..9ad7f4c9e9b5 100644
--- a/crypto/kerberosIV/man/ftp.1
+++ b/crypto/kerberosIV/man/ftp.1
@@ -913,7 +913,7 @@ if verbose is on, when a file transfer completes, statistics
 regarding the efficiency of the transfer are reported.
 By default,
 verbose is on.
-.It Ic ? Op Ar command
+.It Ic \&? Op Ar command
 A synonym for help.
 .El
 .Pp
diff --git a/crypto/kerberosIV/man/ftpd.8 b/crypto/kerberosIV/man/ftpd.8
index c51de1ce06dc..745090c3f0e0 100644
--- a/crypto/kerberosIV/man/ftpd.8
+++ b/crypto/kerberosIV/man/ftpd.8
@@ -38,8 +38,7 @@
 .Os BSD 4.2
 .Sh NAME
 .Nm ftpd
-.Nd
-Internet File Transfer Protocol server
+.Nd Internet File Transfer Protocol server
 .Sh SYNOPSIS
 .Nm ftpd
 .Op Fl a Ar authmode
@@ -81,7 +80,7 @@ but only OTP is allowed.
 .It Ar ftp
 Allow anonymous login.
 .El
-
+.Pp
 The following combination modes exists for backwards compatibility:
 .Bl -tag -width plain
 .It Ar none
@@ -319,7 +318,7 @@ that the
 .Dq ftp
 subtree be constructed with care, consider following these guidelines
 for anonymous ftp.
-
+.Pp
 In general all files should be owned by
 .Dq root ,
 and have non-write permissions (644 or 755 depending on the kind of
@@ -377,7 +376,7 @@ and
 .Xr group 5
 files here, ls will be able to produce owner names rather than
 numbers. Remember to remove any passwords from these files.  
-
+.Pp
 The file
 .Pa motd ,
 if present, will be printed after a successful login.
@@ -388,7 +387,7 @@ here.
 .It Pa ~ftp/pub
 Traditional place to put whatever you want to make public.
 .El
-
+.Pp
 If you want guests to be able to upload files, create a
 .Pa ~ftp/incoming
 directory owned by 
@@ -459,6 +458,7 @@ FTP PROTOCOL SPECIFICATION
 OTP Specification
 .It Cm RFC 2228
 FTP Security Extensions.
+.El
 .Sh BUGS
 The server must run as the super-user
 to create sockets with privileged port numbers.  It maintains
diff --git a/crypto/kerberosIV/man/ftpusers.5 b/crypto/kerberosIV/man/ftpusers.5
index dfd66f94003b..c1960d192beb 100644
--- a/crypto/kerberosIV/man/ftpusers.5
+++ b/crypto/kerberosIV/man/ftpusers.5
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Pa /etc/ftpusers
-.Nd
-FTP access list file.
+.Nd FTP access list file
 .Sh DESCRIPTION
 .Pa /etc/ftpusers
 contains a list of users that should be allowed or denied FTP
@@ -20,7 +19,7 @@ matches any user.  Users that has an explicit
 .Dq allow ,
 or that does not match any line, are allowed access. Anyone else is
 denied access.
-
+.Pp
 Note that this is compatible with the old format, where this file
 contained a list of users that should be denied access.
 .Sh EXAMPLES
diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8
index afd91269356b..bc2f43bb7d01 100644
--- a/crypto/kerberosIV/man/kadmin.8
+++ b/crypto/kerberosIV/man/kadmin.8
@@ -4,14 +4,12 @@
 .\" For copying and distribution information,
 .\" please see the file <mit-copyright.h>.
 .\"
-
 .Dd February  3, 1998
 .Dt KADMIN 8
 .Os "KTH-KRB"
 .Sh NAME
 .Nm kadmin
-.Nd
-network utility for Kerberos database administration
+.Nd "network utility for Kerberos database administration"
 .Sh SYNOPSIS
 .Nm
 .Op Fl p Ar principal
@@ -23,7 +21,7 @@ network utility for Kerberos database administration
 .Op Fl -version
 .Op Fl h
 .Op Fl -help
-.Ar [command]
+.Op Ar command
 .Sh DESCRIPTION
 This utility provides a unified administration interface to the
 Kerberos master database.  Kerberos administrators use
@@ -64,7 +62,7 @@ for
 .It Fl t
 Use existing tickets (if any are available), this also disbles
 timeout, and doesn't destroy any tickets upon exit.
-
+.Pp
 These tickets have to be for the changepw.kerberos service.  Use
 .Nm kinit -p
 to acquire them.
diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3
index 4a7b5efb8c4f..9afac16e50b3 100644
--- a/crypto/kerberosIV/man/kafs.3
+++ b/crypto/kerberosIV/man/kafs.3
@@ -11,8 +11,8 @@
 .Nm k_afs_cell_of_file ,
 .Nm krb_afslog ,
 .Nm krb_afslog_uid
-\" .Nm krb5_afslog ,
-\" .Nm krb5_afslog_uid
+.\" .Nm krb5_afslog ,
+.\" .Nm krb5_afslog_uid
 .Nd AFS library
 .Sh SYNOPSIS
 .Fd #include <kafs.h>
@@ -30,10 +30,10 @@
 .Fn krb_afslog "char *cell" "char *realm"
 .Ft int
 .Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid"
-\" .Ft krb5_error_code
-\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
-\" .Ft krb5_error_code
-\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
+.\" .Ft krb5_error_code
+.\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid"
+.\" .Ft krb5_error_code
+.\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm"
 .Sh DESCRIPTION
 .Fn k_hasafs
 initializes some library internal structures, and tests for the
@@ -41,7 +41,7 @@ presense of AFS in the kernel, none of the other functions should be
 called before 
 .Fn k_hasafs
 is called, or if it fails.
-
+.Pp
 .Fn krb_afslog ,
 and
 .Fn krb_afslog_uid
@@ -66,22 +66,22 @@ field in the token,
 .Fn krb_afslog_uid
 will use
 .Fa uid .
-
-\" .Fn krb5_afslog ,
-\" and 
-\" .Fn krb5_afslog_uid
-\" are the Kerberos 5 equivalents of
-\" .Fn krb_afslog ,
-\" and
-\" .Fn krb_afslog_uid .
-\" The extra arguments are the ubiquitous context, and the cache id where
-\" to store any obtained tickets. Since AFS servers normally can't handle
-\" Kerberos 5 tickets directly, these functions will first obtain version
-\" 5 tickets for the requested cells, and then convert them to version 4
-\" tickets, that can be stashed in the kernel. To convert tickets the
-\" .Fn krb524_convert_creds_kdc
-\" function will be used.
-
+.Pp
+.\" .Fn krb5_afslog ,
+.\" and 
+.\" .Fn krb5_afslog_uid
+.\" are the Kerberos 5 equivalents of
+.\" .Fn krb_afslog ,
+.\" and
+.\" .Fn krb_afslog_uid .
+.\" The extra arguments are the ubiquitous context, and the cache id where
+.\" to store any obtained tickets. Since AFS servers normally can't handle
+.\" Kerberos 5 tickets directly, these functions will first obtain version
+.\" 5 tickets for the requested cells, and then convert them to version 4
+.\" tickets, that can be stashed in the kernel. To convert tickets the
+.\" .Fn krb524_convert_creds_kdc
+.\" function will be used.
+.\" .Pp
 .Fn k_afs_cell_of_file
 will in 
 .Fa cell
@@ -89,23 +89,22 @@ return the cell of a specified file, no more than
 .Fa len
 characters is put in 
 .Fa cell .
-
+.Pp
 .Fn k_pioctl
 does a 
 .Fn pioctl
 syscall with the specified arguments. This function is equivalent to
 .Fn lpioctl .
-
+.Pp
 .Fn k_setpag
 initializes a new PAG.
-
+.Pp
 .Fn k_unlog
 removes destroys all tokens in the current PAG.
-
 .Sh ENVIRONMENT
 The following environment variable affect the mode of operation of
 .Nm kafs :
-.Bl -tag
+.Bl -tag -width AFS_SYSCALL
 .It Ev AFS_SYSCALL
 Normally,
 .Nm kafs
diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1
index 2efb709636e6..72146e6b3d05 100644
--- a/crypto/kerberosIV/man/kauth.1
+++ b/crypto/kerberosIV/man/kauth.1
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kauth
-.Nd
-overworked Kerberos login program
+.Nd overworked Kerberos login program
 .Sh SYNOPSIS
 .Nm
 .Op Fl n Ar name
diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8
index 4978ff2c5c71..541e696286d0 100644
--- a/crypto/kerberosIV/man/kauthd.8
+++ b/crypto/kerberosIV/man/kauthd.8
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kauthd
-.Nd
-remote Kerberos login daemon
+.Nd remote Kerberos login daemon
 .Sh SYNOPSIS
 .Nm
 .Sh DESCRIPTION
@@ -19,7 +18,7 @@ Options supported by
 .Bl -tag -width Ds
 .It Fl i
 Interactive.  Do not expect to be started by
-.Nm inetd,
+.Nm inetd ,
 but allocate and listen to the socket yourself.  Handy for testing
 and debugging.
 .El
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8
index 5d89635d4fbf..0ad1a4ac92d3 100644
--- a/crypto/kerberosIV/man/kerberos.8
+++ b/crypto/kerberosIV/man/kerberos.8
@@ -5,7 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kerberos
-.Nd The kerberos daemon
+.Nd the kerberos daemon
 .Sh SYNPOSIS
 .Nm
 .Op Fl mns
@@ -52,7 +52,8 @@ port specification follows the format:
 The
 .Ar port
 can be either a symbolic port name (from
-.Pa /etc/services), or a number;
+.Pa /etc/services ) ,
+or a number;
 .Ar protocol can be either 
 .Li udp ,
 or
@@ -71,13 +72,12 @@ Run as a server for realm
 Set slave parameters.  This will enable check to see if data is
 getting too stale relative to the master.
 .El
-
+.Pp
 If no 
 .Ar database
 is given a default datbase will be used, normally
 .Pa /var/kerberos/principal .
 .Sh DIAGNOSTICS
-
 The server logs several messages in a log file
 .Pf ( Pa /var/run/kerberos.log
 by default).  The logging mechanism opens and closes the log file for
@@ -115,7 +115,6 @@ An initial (password authenticated) request was received.
 .Xc
 A tgt-based request for a ticket was made.
 .El
-
 .Ss Error messages
 These messages reflects misconfigured clients, invalid requests, or
 possibly attepted attacks.
@@ -167,7 +166,6 @@ because of a broken client, or possibly an attack.
 .It Li KRB protocol version mismatch ( Ar number )
 The server received a request with an unknown version number.
 .El
-
 .Ss Fatal error messages
 The following messages indicate problems when starting the server.
 .Bl -tag -width xxxxx
@@ -186,7 +184,6 @@ The database doesn't contain a
 .Sq krbtgt.REALM
 for the local realm.
 .El
-
 .Sh SEE ALSO
 .Xr kprop 8 ,
 .Xr kpropd 8
diff --git a/crypto/kerberosIV/man/kprop.8 b/crypto/kerberosIV/man/kprop.8
index 376f71592bd5..45a6a2b098cc 100644
--- a/crypto/kerberosIV/man/kprop.8
+++ b/crypto/kerberosIV/man/kprop.8
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kprop
-.Nd
-the kerberos slave server update client
+.Nd "the kerberos slave server update client"
 .Sh SYNOPSIS
 .Nm
 .Op Fl force
@@ -20,9 +19,8 @@ the master server through the
 service. To propagate these changes to the slave servers, 
 .Nm 
 should be run regularly on the master server.
-
+.Pp
 The following options are recognised.
-
 .Bl -tag -width -force
 .It Fl force
 Propagate even if there hasn't been an update to the dump file since
@@ -38,14 +36,13 @@ default is
 Contains the names of the slave servers. Default is
 .Pa /var/kerberos/slaves .
 .El
-
+.Pp
 .Nm
 will use the principal 
 .Nm rcmd.kerberos
 to authenticate to the master servers. This principal has to be added
 to the database, and it should also be put into the service key file
 on the master server.
-
 .Sh FILES
 .Bl -tag -width indent -compact
 .It Pa /var/kerberos/slave_dump
diff --git a/crypto/kerberosIV/man/kpropd.8 b/crypto/kerberosIV/man/kpropd.8
index d1dbd16d4e62..c916e0f4ec86 100644
--- a/crypto/kerberosIV/man/kpropd.8
+++ b/crypto/kerberosIV/man/kpropd.8
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm kpropd
-.Nd
-the kerberos slave server update facility
+.Nd "the kerberos slave server update facility"
 .Sh SYNOPSIS
 .Nm
 .Op Fl i
@@ -24,9 +23,8 @@ responds to database update requests from the
 command. It can either be started from
 .Nm inetd
 or as an ordinary program.
-
+.Pp
 The following options are recognised:
-
 .Bl -tag -width xxxx
 .It Fl i
 Run stand-alone.  If this flag is not given, it is assumed to have
diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5
index e38f94bf6179..511dbf09f25b 100644
--- a/crypto/kerberosIV/man/krb.equiv.5
+++ b/crypto/kerberosIV/man/krb.equiv.5
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm krb.equiv
-.Nd
-Kerberos equivalent hosts file
+.Nd Kerberos equivalent hosts file
 .Sh DESCRIPTION
 .Nm
 contains a list of IP addresses that is to be considered being the
diff --git a/crypto/kerberosIV/man/krb.extra.5 b/crypto/kerberosIV/man/krb.extra.5
index 38569fdcd805..565232376ded 100644
--- a/crypto/kerberosIV/man/krb.extra.5
+++ b/crypto/kerberosIV/man/krb.extra.5
@@ -5,8 +5,7 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm krb.extra
-.Nd
-Kerberos misc configuration file
+.Nd Kerberos misc configuration file
 .Sh DESCRIPTION
 .Nm
 contains a number of settings that are used by the kerberos library,
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
index fdc99e6efe65..7d175e9d5188 100644
--- a/crypto/kerberosIV/man/ksrvutil.8
+++ b/crypto/kerberosIV/man/ksrvutil.8
@@ -7,10 +7,9 @@
 .Dd May 4, 1996
 .Dt KSRVUTIL 8
 .Os KTH-KRB
-
 .Sh NAME
 .Nm ksrvutil 
-host kerberos keyfile (srvtab) manipulation utility
+.Nd "host kerberos keyfile (srvtab) manipulation utility"
 .Sh SYNOPSIS
 .Nm
 .Op Fl f Pa keyfile
@@ -19,7 +18,6 @@ host kerberos keyfile (srvtab) manipulation utility
 .Op Fl p Ar principal
 .Op Fl r Ar realm
 .Ar operation
-
 .Sh DESCRIPTION
 .Nm
 allows a system manager to list or change keys currently in his
@@ -75,10 +73,9 @@ and could supply an initial password.  Then, he could use
 to add the key to the keyfile and then to change the key so that it
 will be random and unknown to either the system manager or the
 kerberos administrator.
-
+.Pp
 .Nm
 always makes a backup copy of the keyfile before making any changes.
-
 .Sh DIAGNOSTICS
 If 
 .Nm
@@ -89,16 +86,14 @@ where
 .Pa filename
 is the name of the keyfile, and a copy of the file with all new
 keys changed or added so far can be found in 
-.Pa filename Ns .work.
+.Pa filename Ns .work .
 The original keyfile is left unmodified until the program exits at
 which point it is removed and replaced it with the workfile.
 Appending the workfile to the backup copy and replacing the keyfile
 with the result should always give a usable keyfile, although the
 resulting keyfile will have some out of date keys in it.
-
 .Sh SEE ALSO
 .Xr kadmin 8 ,
 .Xr ksrvtgt 1
-
 .Sh AUTHOR
 Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/crypto/kerberosIV/man/login.1 b/crypto/kerberosIV/man/login.1
index b05a6a4dce61..dcdc91927e08 100644
--- a/crypto/kerberosIV/man/login.1
+++ b/crypto/kerberosIV/man/login.1
@@ -43,7 +43,7 @@
 .Op Fl h Ar hostname
 .Op Ar user
 .Sh DESCRIPTION
-.Sy Note:
+.Sy Note :
 this manual page describes the original login program for
 NetBSD. Everything in here might not be true.
 .Pp
diff --git a/crypto/kerberosIV/man/login.access.5 b/crypto/kerberosIV/man/login.access.5
index 28d423c9156c..da93b9d54140 100644
--- a/crypto/kerberosIV/man/login.access.5
+++ b/crypto/kerberosIV/man/login.access.5
@@ -1,10 +1,10 @@
 .\" this is comment
 .Dd April 30, 1994
 .Dt SKEY.ACCESS 5
-.Os FreeBSD 1.2
+.Os FreeBSD
 .Sh NAME
 .Nm login.access
-.Nd Login access control table
+.Nd login access control table
 .Sh DESCRIPTION
 The
 .Nm login.access
@@ -21,7 +21,7 @@ be accepted or refused.
 .Pp
 Each line of the login access control table has three fields separated by a
 ":" character:	  permission : users : origins
-
+.Pp
 The first field should be a "+" (access granted) or "-" (access denied)
 character. The second field should be a list of one or more login names,
 group names, or ALL (always matches).  The third field should be a list
@@ -30,9 +30,9 @@ names (begin with "."), host addresses, internet network numbers (end
 with "."), ALL (always matches) or LOCAL (matches any string that does
 not contain a "." character). If you run NIS you can use @netgroupname
 in host or user patterns.
-
+.Pp
 The EXCEPT operator makes it possible to write very compact rules.
-
+.Pp
 The group file is searched only when a name does not match that of the
 logged-in user. Only groups are matched in which users are explicitly
 listed: the program does not look at a user's primary group id value.
diff --git a/crypto/kerberosIV/man/pagsh.1 b/crypto/kerberosIV/man/pagsh.1
index cd95f8bfc90c..2208fc87df09 100644
--- a/crypto/kerberosIV/man/pagsh.1
+++ b/crypto/kerberosIV/man/pagsh.1
@@ -5,18 +5,21 @@
 .Os KTH-KRB
 .Sh NAME
 .Nm pagsh
-.Nd
-execute a command without authentication
+.Nd execute a command without authentication
 .Sh SYNOPSIS
 .Nm pagsh
-.Op Oo Fl c Oc Nm command Ar args
+.Oo
+.Op Fl c
+.Ar command Ar args
+.Oc
 .Sh DESCRIPTION
 Starts a new subprocess that is detached from any Kerberos ticket
-cache and AFS tokens. Without
-.Nm command
+cache and AFS tokens.
+Without
+.Ar command
 a new shell is started.
 .Sh ENVIRONMENT
-.Bl -tag -width Fl
+.Bl -tag -width $SHELL
 .It Ev $SHELL
 Default shell.
 .El
diff --git a/crypto/kerberosIV/man/rcp.1 b/crypto/kerberosIV/man/rcp.1
index cc5efd0c7b4f..c52258e49764 100644
--- a/crypto/kerberosIV/man/rcp.1
+++ b/crypto/kerberosIV/man/rcp.1
@@ -47,7 +47,7 @@
 .Nm rcp
 .Op Fl Kprx
 .Op Fl k Ar realm
-.Ar file ...
+.Ar
 .Ar directory
 .Sh DESCRIPTION
 .Nm Rcp
diff --git a/crypto/kerberosIV/man/rlogin.1 b/crypto/kerberosIV/man/rlogin.1
index 3e1fd8d06e37..c2d8b77f96ae 100644
--- a/crypto/kerberosIV/man/rlogin.1
+++ b/crypto/kerberosIV/man/rlogin.1
@@ -98,7 +98,7 @@ This specification may be as a literal character, or as an octal
 value in the form \ennn.
 .It Fl k
 The
-.FL k
+.Fl k
 option requests rlogin to obtain tickets for the remote host
 in realm
 .Ar realm
diff --git a/crypto/kerberosIV/man/telnet.1 b/crypto/kerberosIV/man/telnet.1
index 2b3198ec110a..962783f7ce98 100644
--- a/crypto/kerberosIV/man/telnet.1
+++ b/crypto/kerberosIV/man/telnet.1
@@ -98,7 +98,7 @@ BINARY option to be negotiated on output.
 .It Fl S Ar tos
 Sets the IP type-of-service (TOS) option for the telnet
 connection to the value
-.Ar tos,
+.Ar tos ,
 which can be a numeric TOS value
 or, on systems that support it, a symbolic
 TOS name found in the /etc/iptos file.
@@ -134,7 +134,7 @@ Sets the initial
 .Nm
 .Nm telnet
 escape character to
-.Ar escape char.
+.Ar escape char .
 If
 .Ar escape char
 is omitted, then
@@ -304,12 +304,12 @@ auth command are as follows:
 .It Ic disable Ar type
 Disables the specified type of authentication.  To
 obtain a list of available types, use the
-.Ic auth disable \&?
+.Ic auth disable ?\&
 command.
 .It Ic enable Ar type
 Enables the specified type of authentication.  To
 obtain a list of available types, use the
-.Ic auth enable \&?
+.Ic auth enable ?\&
 command.
 .It Ic status
 Lists the current status of the various types of
@@ -336,18 +336,22 @@ option is not supported outside of the United States and Canada.
 .Pp
 Valid arguments for the encrypt command are as follows:
 .Bl -tag -width Ar
-.It Ic disable Ar type Ic [input|output]
+.It Ic disable Ar type Xo
+.Op Cm input | output
+.Xc
 Disables the specified type of encryption.  If you
 omit the input and output, both input and output
 are disabled.  To obtain a list of available
 types, use the
-.Ic encrypt disable \&?
+.Ic encrypt disable ?\&
 command.
-.It Ic enable Ar type Ic [input|output]
+.It Ic enable Ar type Xo
+.Op Cm input | output
+.Xc
 Enables the specified type of encryption.  If you
 omit input and output, both input and output are
 enabled.  To obtain a list of available types, use the
-.Ic encrypt enable \&?
+.Ic encrypt enable ?\&
 command.
 .It Ic input
 This is the same as the
@@ -365,18 +369,18 @@ command.
 This is the same as the
 .Ic encrypt stop output
 command.
-.It Ic start Ic [input|output]
+.It Ic start Op Cm input | output
 Attempts to start encryption.  If you omit
 .Ic input
 and
-.Ic output,
+.Ic output ,
 both input and output are enabled.  To
 obtain a list of available types, use the
-.Ic encrypt enable \&?
+.Ic encrypt enable ?\&
 command.
 .It Ic status
 Lists the current status of encryption.
-.It Ic stop Ic [input|output]
+.It Ic stop Op Cm input | output
 Stops encryption.  If you omit input and output,
 encryption is on both input and output.
 .It Ic type Ar type
@@ -387,7 +391,7 @@ or
 .Ic encrypt stop
 commands.
 .El
-.It Ic environ Ar arguments... 
+.It Ic environ Ar arguments ...
 The
 .Ic environ
 command is used to manipulate the
@@ -416,7 +420,7 @@ command are:
 Define the variable
 .Ar variable
 to have a value of
-.Ar value.
+.Ar value .
 Any variables defined by this command are automatically exported.
 The
 .Ar value
@@ -441,7 +445,7 @@ Those marked with a
 .Cm *
 will be sent automatically,
 other variables will only be sent if explicitly requested.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic environ
 command.
@@ -522,17 +526,15 @@ option.
 This requires that the 
 .Dv LINEMODE
 option be enabled.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic mode
 command.
 .El
 .It Xo
 .Ic open Ar host
-.Oo Op Fl l
-.Ar user
-.Oc Ns Oo Fl
-.Ar port Oc
+.Op Fl l Ar user
+.Op Oo Fl Oc Ns Ar port
 .Xc
 Open a connection to the named host.
 If no port number
@@ -692,10 +694,10 @@ command.
 can also be either
 .Ic help
 or
-.Ic \&?
+.Ic ?\&
 to print out help information, including
 a list of known symbolic names.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic send
 command.
@@ -996,7 +998,7 @@ The initial value for the worderase character is taken to be
 the terminal's
 .Ic worderase
 character.
-.It Ic \&?
+.It Ic ?\&
 Displays the legal
 .Ic set
 .Pq Ic unset
@@ -1040,7 +1042,7 @@ The remote default characters are those of the remote system
 at the time when the 
 .Tn TELNET
 connection was established.
-.It Ic \&?
+.It Ic ?\&
 Prints out help information for the
 .Ic slc
 command.
@@ -1251,10 +1253,12 @@ has ever been enabled, then
 is sent as
 .Ic abort  ,
 and
-.Ic eof and
-.B suspend
+.Ic eof
+and
+.Ic suspend
 are sent as
-.Ic eof and
+.Ic eof
+and
 .Ic susp ,
 see
 .Ic send
@@ -1293,7 +1297,7 @@ skips the reading of the
 file in the users home
 directory when connections are opened.  The initial
 value for this toggle is
-.Dv FALSE.
+.Dv FALSE .
 .It Ic termdata
 Toggles the display of all terminal data (in hexadecimal format).
 The initial value for this toggle is
@@ -1306,7 +1310,7 @@ toggle is
 .Tn TELNET
 prints out a message each time encryption is enabled or
 disabled.  The initial value for this toggle is
-.Dv FALSE.
+.Dv FALSE .
 Note:  Because of export controls, data encryption
 is not supported outside of the United States and Canada.
 .It Ic \&?
@@ -1325,7 +1329,7 @@ system.  If
 .Ic command
 is omitted, then an interactive
 subshell is invoked.
-.It Ic \&? Op Ar command 
+.It Ic ?\& Op Ar command 
 Get help.  With no arguments,
 .Nm telnet
 prints a help summary.
diff --git a/crypto/kerberosIV/man/telnetd.8 b/crypto/kerberosIV/man/telnetd.8
index b26d8ddf1619..6609a4837348 100644
--- a/crypto/kerberosIV/man/telnetd.8
+++ b/crypto/kerberosIV/man/telnetd.8
@@ -95,7 +95,7 @@ has been compiled with support for the
 .Dv AUTHENTICATION
 option.
 There are several valid values for
-.Ar authmode:
+.Ar authmode :
 .Bl -tag -width debug
 .It debug
 Turns on authentication debugging code.
@@ -153,7 +153,7 @@ to the connection, allowing the user to see what
 .Nm telnetd
 is doing.
 There are several possible values for 
-.Ar debugmode:
+.Ar debugmode :
 .Bl -tag -width exercise
 .It Cm options
 Prints information about the negotiation of
@@ -166,7 +166,7 @@ information, plus some additional information
 about what processing is going on.
 .It Cm netdata
 Displays the data stream received by
-.Nm telnetd.
+.Nm telnetd .
 .It Cm ptydata
 Displays data written to the pty.
 .It Cm exercise
@@ -194,12 +194,12 @@ be reached may be cleaned up.
 This option is only enabled when
 .Nm telnetd
 is compiled for
-.Dv UNICOS.
+.Dv UNICOS .
 It specifies an inclusive range of pseudo-terminal devices to
 use.  If the system has sysconf variable
 .Dv _SC_CRAY_NPTY
 configured, the default pty search range is 0 to
-.Dv _SC_CRAY_NPTY;
+.Dv _SC_CRAY_NPTY ;
 otherwise, the default range is 0 to 128.  Either
 .Ar lowpty
 or
@@ -298,7 +298,9 @@ DO TIMING-MARK
 .Ed
 .Pp
 The pseudo-terminal allocated to the client is configured
-to operate in \*(lqcooked\*(rq mode, and with
+to operate in
+.Dq cooked
+mode, and with
 .Dv XTABS and
 .Dv CRMOD
 enabled (see
@@ -336,7 +338,7 @@ Indicates that the client is willing to send a
 of the Network Virtual Terminal.
 .It "WILL SGA"
 Indicates that it will not be sending
-.Dv IAC GA,
+.Dv IAC GA ,
 go ahead, commands.
 .It "WILL STATUS"
 Indicates a willingness to send the client, upon
@@ -382,7 +384,7 @@ characters remotely.
 This is not really supported, but is sent to identify a 4.2BSD
 .Xr telnet 1
 client, which will improperly respond with
-.Dv WILL ECHO.
+.Dv WILL ECHO .
 If a
 .Dv WILL ECHO
 is received, a
@@ -394,7 +396,7 @@ name of the type of terminal that is attached
 to the client side of the connection.
 .It "DO SGA"
 Indicates that it does not need to receive
-.Dv IAC GA,
+.Dv IAC GA ,
 the go ahead command.
 .It "DO NAWS"
 Requests that the client inform the server when
@@ -423,9 +425,9 @@ Only sent if
 .Nm telnetd
 is compiled with support for both linemode and
 kludge linemode, and the client responded with
-.Dv WONT LINEMODE.
+.Dv WONT LINEMODE .
 If the client responds with
-.Dv WILL TM,
+.Dv WILL TM ,
 the it is assumed that the client supports
 kludge linemode.
 Note that the
@@ -443,6 +445,7 @@ Only sent if
 is compiled with support for data encryption, and
 indicates a willingness to decrypt
 the data stream.
+.El
 .Sh ENVIRONMENT
 .Sh FILES
 .Pa /etc/services
@@ -501,6 +504,7 @@ Telnet Authentication: SPX
 Telnet Environment Option Interoperability Issues
 .It Cm RFC-1572
 Telnet Environment Option
+.El
 .Sh BUGS
 Some
 .Tn TELNET