12 files changed, 79 insertions, 1511 deletions
diff --git a/usr/src/man/man1/digest.1 b/usr/src/man/man1/digest.1
index b615f0f2fc..ec18edb247 100644
--- a/usr/src/man/man1/digest.1
+++ b/usr/src/man/man1/digest.1
@@ -1,9 +1,10 @@
 '\" te
 .\" Copyright 2006, Sun Microsystems, Inc. All Rights Reserved
+.\" Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH DIGEST 1 "May 21, 2009"
+.TH DIGEST 1 "Feb 07, 2018"
 .SH NAME
 digest \- calculate a message digest
 .SH SYNOPSIS
@@ -115,7 +116,6 @@ sha1 (/usr/lib/inet/ppp) = c96ee458549871a6ffdf2674a888b01d0c9e9740
 sha1 (/usr/lib/inet/pppoec) = 5f022498d79dacacd947cddadc64f171822e3dee
 sha1 (/usr/lib/inet/pppoed) = 252bd2f0863dbc1b05fffae72821a2a95609b8ad
 sha1 (/usr/lib/inet/slpd) = dfa24cc0f0b05f790546d4f0948a9094f7089027
-sha1 (/usr/lib/inet/wanboot) = a8b8c51c389c774d0be2ae43cb85d1b1439484ae
 sha1 (/usr/lib/inet/ntpd) = 5b4aff102372cea801e7d08acde9655fec81f07c
 .fi
 .in -2
diff --git a/usr/src/man/man1m/Makefile b/usr/src/man/man1m/Makefile
index 6efc7db3ff..8e68231fe6 100644
--- a/usr/src/man/man1m/Makefile
+++ b/usr/src/man/man1m/Makefile
@@ -55,7 +55,6 @@ _MANFILES=	6to4relay.1m		\
 		beadm.1m		\
 		boot.1m			\
 		bootadm.1m		\
-		bootconfchk.1m		\
 		busstat.1m		\
 		captoinfo.1m		\
 		catman.1m		\
@@ -174,7 +173,6 @@ _MANFILES=	6to4relay.1m		\
 		halt.1m			\
 		hextoalabel.1m		\
 		hostconfig.1m		\
-		ickey.1m		\
 		id.1m			\
 		idmap.1m		\
 		idmapd.1m		\
@@ -530,10 +528,6 @@ _MANFILES=	6to4relay.1m		\
 		vscanadm.1m		\
 		vscand.1m		\
 		wall.1m			\
-		wanboot_keygen.1m	\
-		wanboot_keymgmt.1m	\
-		wanboot_p12split.1m	\
-		wanbootutil.1m		\
 		whodo.1m		\
 		wificonfig.1m		\
 		wpad.1m			\
diff --git a/usr/src/man/man1m/boot.1m b/usr/src/man/man1m/boot.1m
index 2d031006d0..857f2be805 100644
--- a/usr/src/man/man1m/boot.1m
+++ b/usr/src/man/man1m/boot.1m
@@ -1,11 +1,12 @@
 '\" te
+.\" Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
 .\" Copyright 2015 Nexenta Systems Inc.
 .\" Copyright (c) 2008 Sun Microsystems, Inc. All Rights Reserved
 .\" Copyright 1989 AT&T
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH BOOT 1M "Aug 18, 2016"
+.TH BOOT 1M "Feb 07, 2018"
 .SH NAME
 boot \- start the system kernel or a standalone program
 .SH SYNOPSIS
@@ -65,7 +66,7 @@ system has been halted.
 .sp
 .LP
 The second level program is either a fileystem-specific boot block (when
-booting from a disk), or \fBinetboot\fR or \fBwanboot\fR (when booting across
+booting from a disk), or \fBinetboot\fR (when booting across
 the network).
 .sp
 .LP
@@ -138,289 +139,7 @@ name appears to be an HTTP URL. If it does not, the PROM downloads
 loads the boot archive, which takes over the machine and releases
 \fBinetboot\fR. Startup scripts then initiate the DHCP agent (see
 \fBdhcpagent\fR(1M)), which implements further DHCP activities.
-.sp
-.LP
-If the file to be loaded is an HTTP URL, the PROM will use HTTP to load the
-referenced file. If the client has been configured with an HMAC SHA-1 key, it
-will check the integrity of the loaded file before proceeding to execute it.
-The file is expected to be the \fBwanboot\fR binary. The WAN boot process can
-be configured to use either DHCP or NVRAM properties to discover the install
-server and router and the proxies needed to connect to it. When \fBwanboot\fR
-begins executing, it determines whether sufficient information is available to
-it to allow it to proceed. If any necessary information is missing, it will
-either exit with an appropriate error or bring up a command interpreter and
-prompt for further configuration information. Once \fBwanboot\fR has obtained
-the necessary information, it loads the boot loader into memory by means of
-HTTP. If an encryption key has been installed on the client, \fBwanboot\fR will
-verify the boot loader's signature and its accompanying hash. Presence of an
-encryption key but no hashing key is an error.
-.sp
-.LP
-The \fBwanboot\fR boot loader can communicate with the client using either HTTP
-or secure HTTP. If the former, and if the client has been configured with an
-HMAC SHA-1 key, the boot loader will perform an integrity check of the root
-file system. Once the root file system has been loaded into memory (and
-possibly had an integrity check performed), the boot archive is transferred
-from the server. If provided with a \fBboot_logger\fR URL by means of the
-\fBwanboot.conf\fR(4) file, \fBwanboot\fR will periodically log its progress.
-.sp
-.LP
-Not all PROMs are capable of consuming URLs. You can determine whether a client
-is so capable using the \fBlist-security-keys\fR OBP command (see
-\fBmonitor\fR(1M)).
-.sp
-.LP
-WAN booting is not currently available on the x86 platform.
-.sp
-.LP
-The \fBwanboot\fR Command Line
-.sp
-.LP
-When the client program is \fBwanboot\fR, it accepts \fBclient-program-args\fR
-of the form:
-.sp
-.in +2
-.nf
-boot ... -o \fIopt1\fR[,\fIopt2\fR[,...]]
-.fi
-.in -2
-.sp
-
-.sp
-.LP
-where each option may be an action:
-.sp
-.ne 2
-.na
-\fB\fBdhcp\fR\fR
-.ad
-.sp .6
-.RS 4n
-Require \fBwanboot\fR to obtain configuration parameters by means of DHCP.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBprompt\fR\fR
-.ad
-.sp .6
-.RS 4n
-Cause \fBwanboot\fR to enter its command interpreter.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fI<cmd>\fR\fR
-.ad
-.sp .6
-.RS 4n
-One of the interpreter commands listed below.
-.RE
-
-.sp
-.LP
-\&...or an assignment, using the interpreter's parameter names listed below.
-.sp
-.LP
-The \fBwanboot\fR Command Interpreter
-.sp
-.LP
-The \fBwanboot\fR command interpreter is invoked by supplying a
-\fBclient-program-args\fR of "\fB-o prompt\fR" when booting. Input consists of
-single commands or assignments, or a comma-separated list of commands or
-assignments. The configuration parameters are:
-.sp
-.ne 2
-.na
-\fB\fBhost-ip\fR\fR
-.ad
-.sp .6
-.RS 4n
-IP address of the client (in dotted-decimal notation)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBrouter-ip\fR\fR
-.ad
-.sp .6
-.RS 4n
-IP address of the default router (in dotted-decimal notation)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBsubnet-mask\fR\fR
-.ad
-.sp .6
-.RS 4n
-subnet mask (in dotted-decimal notation)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBclient-id\fR\fR
-.ad
-.sp .6
-.RS 4n
-DHCP client identifier (a quoted ASCII string or hex ASCII)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBhostname\fR\fR
-.ad
-.sp .6
-.RS 4n
-hostname to request in DHCP transactions (ASCII)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBhttp-proxy\fR\fR
-.ad
-.sp .6
-.RS 4n
-HTTP proxy server specification (IPADDR[:PORT])
-.RE
-
-.sp
-.LP
-The key names are:
-.sp
-.ne 2
-.na
-\fB\fB3des\fR\fR
-.ad
-.sp .6
-.RS 4n
-the triple DES encryption key (48 hex ASCII characters)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBaes\fR\fR
-.ad
-.sp .6
-.RS 4n
-the AES encryption key (32 hex ASCII characters)
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBsha1\fR\fR
-.ad
-.sp .6
-.RS 4n
-the HMAC SHA-1 signature key (40 hex ASCII characters)
-.RE
-
-.sp
-.LP
-Finally, the URL or the WAN boot CGI is referred to by means of:
-.sp
-.ne 2
-.na
-\fB\fBbootserver\fR\fR
-.ad
-.sp .6
-.RS 4n
-URL of WAN boot's CGI (the equivalent of OBP's \fBfile\fR parameter)
-.RE
-
-.sp
-.LP
-The interpreter accepts the following commands:
-.sp
-.ne 2
-.na
-\fB\fBhelp\fR\fR
-.ad
-.sp .6
-.RS 4n
-Print a brief description of the available commands
-.RE
 
-.sp
-.ne 2
-.na
-\fB\fB\fIvar\fR=\fIval\fR\fR\fR
-.ad
-.sp .6
-.RS 4n
-Assign \fIval\fR to \fIvar\fR, where \fIvar\fR is one of the configuration
-parameter names, the key names, or \fBbootserver\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB\fIvar\fR=\fR\fR
-.ad
-.sp .6
-.RS 4n
-Unset parameter \fIvar\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBlist\fR\fR
-.ad
-.sp .6
-.RS 4n
-List all parameters and their values (key values retrieved by means of OBP are
-never shown).
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBprompt\fR\fR
-.ad
-.sp .6
-.RS 4n
-Prompt for values for unset parameters. The name of each parameter and its
-current value (if any) is printed, and the user can accept this value (press
-Return) or enter a new value.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBgo\fR\fR
-.ad
-.sp .6
-.RS 4n
-Once the user is satisfied that all values have been entered, leave the
-interpreter and continue booting.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBexit\fR\fR
-.ad
-.sp .6
-.RS 4n
-Quit the boot interpreter and return to OBP's \fBok\fR prompt.
-.RE
-
-.sp
-.LP
-Any of these assignments or commands can be passed on the command line as part
-of the \fB-o\fR options, subject to the OBP limit of 128 bytes for boot
-arguments. For example, \fB-o\fR \fBlist,go\fR would simply list current
-(default) values of the parameters and then continue booting.
 .SS "iSCSI Boot"
 .LP
 iSCSI boot is currently supported only on x86. The host being booted must be
@@ -601,13 +320,6 @@ depending on the form of the \fBboot\fR command used, reliance upon
 \fIboot-file\fR should be discouraged for most production systems.
 .sp
 .LP
-When executing a WAN boot from a local (CD or DVD) copy of wanboot, one must
-use:
-.sp
-.LP
-ok \fBboot cdrom -F wanboot - install\fR
-.sp
-.LP
 Modern PROMs have enhanced the network boot support package to support the
 following syntax for arguments to be processed by the package:
 .sp
@@ -643,7 +355,7 @@ IP address of the TFTP server
 .ad
 .sp .6
 .RS 4n
-file to download using TFTP or URL for WAN boot
+file to download using TFTP
 .RE
 
 .sp
@@ -788,9 +500,7 @@ The TFTP RRQ is unicast to the server if one is specified as an argument or in
 the DHCP response. Otherwise, the TFTP RRQ is broadcast.
 .sp
 .LP
-\fIfile\fR specifies the file to be loaded by TFTP from the TFTP server, or the
-URL if using HTTP. The use of HTTP is triggered if the file name is a URL, that
-is, the file name starts with \fBhttp:\fR (case-insensitive).
+\fIfile\fR specifies the file to be loaded by TFTP from the TFTP server.
 .sp
 .LP
 When using RARP and TFTP, the default file name is the ASCII hexadecimal
@@ -810,17 +520,6 @@ When specified on the command line, the filename must not contain slashes
 (\fB/\fR).
 .sp
 .LP
-The format of URLs is described in RFC 2396. The HTTP server must be specified
-as an IP address (in standard IPv4 dotted-decimal notation). The optional port
-number is specified in decimal. If a port is not specified, port 80 (decimal)
-is implied.
-.sp
-.LP
-The URL presented must be "safe-encoded", that is, the package does not apply
-escape encodings to the URL presented. URLs containing commas must be presented
-as a quoted string. Quoting URLs is optional otherwise.
-.sp
-.LP
 \fBhost-ip\fR specifies the IP address (in standard IPv4 dotted-decimal
 notation) of the client, the system being booted. If using RARP as the address
 discovery protocol, specifying this argument makes use of RARP unnecessary.
@@ -1002,7 +701,7 @@ exported by the \fBboot\fR program.
 .RS 4n
 Boot using the named object. The object must be either an ELF executable or
 bootable object containing a boot block. The primary use is to boot the
-failsafe or \fBwanboot\fR boot archive.
+failsafe boot archive.
 .RE
 
 .sp
@@ -1243,7 +942,7 @@ To boot the default kernel in single-user interactive mode, respond to the
 .sp
 
 .LP
-\fBExample 2 \fRNetwork Booting with WAN Boot-Capable PROMs
+\fBExample 2 \fRNetwork Booting
 .sp
 .LP
 To illustrate some of the subtle repercussions of various boot command line
@@ -1303,26 +1002,9 @@ boot support package processes arguments in \fBnetwork-boot-arguments\fR.
 .in -2
 .sp
 
-.LP
-\fBExample 3 \fRUsing \fBwanboot\fR with Older PROMs
-.sp
-.LP
-The command below results in the \fBwanboot\fR binary being loaded from DVD or
-CD, at which time \fBwanboot\fR will perform DHCP and then drop into its
-command interpreter to allow the user to enter keys and any other necessary
-configuration.
-
-.sp
-.in +2
-.nf
-\fBboot cdrom -F wanboot -o dhcp,prompt\fR
-.fi
-.in -2
-.sp
-
 .SS "x86"
 .LP
-\fBExample 4 \fRTo Boot the Default Kernel In 64-bit Single-User Interactive
+\fBExample 3 \fRTo Boot the Default Kernel In 64-bit Single-User Interactive
 Mode
 .sp
 .LP
@@ -1417,7 +1099,7 @@ the root pool of your current system.
 \fBinit\fR(1M), \fBinstallboot\fR(1M), \fBkernel\fR(1M), \fBmonitor\fR(1M),
 \fBshutdown\fR(1M), \fBsvcadm\fR(1M), \fBumountall\fR(1M), \fBzpool\fR(1M),
 \fBuadmin\fR(2), \fBbootparams\fR(4), \fBinittab\fR(4), \fBvfstab\fR(4),
-\fBwanboot.conf\fR(4), \fBfilesystem\fR(5)
+\fBfilesystem\fR(5)
 .sp
 .LP
 RFC 903, \fIA Reverse Address Resolution Protocol\fR,
diff --git a/usr/src/man/man1m/bootconfchk.1m b/usr/src/man/man1m/bootconfchk.1m
deleted file mode 100644
index 56798639b8..0000000000
--- a/usr/src/man/man1m/bootconfchk.1m
+++ /dev/null
@@ -1,70 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH BOOTCONFCHK 1M "Apr 18, 2003"
-.SH NAME
-bootconfchk \- verify the integrity of a network boot configuration file
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/sbin/bootconfchk\fR [\fIbootconf-file\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBbootconfchk\fR command checks that the file specified is a valid network
-boot configuration file as described in \fBwanboot.conf\fR(4).
-.sp
-.LP
-Any discrepancies are reported on standard error.
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 5n
-Successful completion.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB1\fR\fR
-.ad
-.RS 5n
-An error occurred.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB2\fR\fR
-.ad
-.RS 5n
-Usage error.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE	ATTRIBUTE VALUE
-_
-Interface Stability	Evolving
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBwanboot.conf\fR(4), \fBattributes\fR(5)
diff --git a/usr/src/man/man1m/ickey.1m b/usr/src/man/man1m/ickey.1m
deleted file mode 100644
index 10a01df891..0000000000
--- a/usr/src/man/man1m/ickey.1m
+++ /dev/null
@@ -1,88 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH ICKEY 1M "April 9, 2016"
-.SH NAME
-ickey \- install a client key for WAN boot
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/ickey\fR [\fB-d\fR] [\fB-o\fR type=3des]
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/ickey\fR [\fB-d\fR] [\fB-o\fR type=aes]
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/ickey\fR [\fB-d\fR] [\fB-o\fR type=sha1]
-.fi
-
-.SH DESCRIPTION
-.LP
-The \fBickey\fR command is used to install WAN boot keys on a running UNIX
-system so that they can be used the next time the system is installed. You can
-store three different types of keys: 3DES and AES for encryption and an HMAC
-SHA-1 key for hashed verification.
-.sp
-.LP
-\fBickey\fR reads the key from standard input using \fBgetpassphrase\fR(3C) so
-that it does not appear on the command line. When installing keys on a remote
-system, you must take proper precautions to ensure that any keying materials
-are kept confidential. At a minimum, use \fBssh\fR(1) to prevent interception
-of data in transit.
-.sp
-.LP
-Keys are expected to be presented as strings of hexadecimal digits; they can
-(but need not) be preceded by a \fB0x\fR or \fB0X\fR.
-.sp
-.LP
-The \fBickey\fR command has a single option, described below. An argument of
-the type \fB-o\fR\ \fBtype=\fR\fIkeytype\fR is required.
-.SH OPTIONS
-.LP
-The \fBickey\fR command the following option.
-.sp
-.ne 2
-.na
-\fB\fB-d\fR\fR
-.ad
-.RS 6n
-Delete the key specified by the \fIkeytype\fR argument.
-.RE
-
-.SH EXIT STATUS
-.LP
-On success, \fBickey\fR exits with status 0; if a problem occurs, a diagnostic
-message is printed and \fBickey\fR exits with non-zero status.
-.SH FILES
-.ne 2
-.na
-\fB\fB/dev/openprom\fR\fR
-.ad
-.RS 17n
-WAN boot key storage driver
-.RE
-
-.SH ATTRIBUTES
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE	ATTRIBUTE VALUE
-_
-Interface Stability	Unstable
-.TE
-
-.SH SEE ALSO
-.LP
-\fBssh\fR(1), \fBopenprom\fR(7D),  \fBattributes\fR(5)
diff --git a/usr/src/man/man1m/ipadm.1m b/usr/src/man/man1m/ipadm.1m
index ecc7ea87ca..9935c346e9 100644
--- a/usr/src/man/man1m/ipadm.1m
+++ b/usr/src/man/man1m/ipadm.1m
@@ -11,10 +11,10 @@
 .\"
 .\" Copyright (c) 2012, Joyent, Inc. All Rights Reserved
 .\" Copyright (c) 2013 by Delphix. All rights reserved.
-.\" Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
+.\" Copyright 2018 Nexenta Systems, Inc.
 .\" Copyright (c) 2016-2017, Chris Fraire <cfraire@me.com>.
 .\"
-.Dd June 16, 2017
+.Dd February 6, 2018
 .Dt IPADM 1M
 .Os
 .Sh NAME
@@ -70,9 +70,9 @@
 .Ic create-addr
 .Op Fl t
 .Fl T Cm dhcp
-.Op Fl w Ar seconds Ns | Ns Cm forever
 .Op Fl 1
 .Op Fl h Ar hostname
+.Op Fl w Bro Ar seconds Ns | Ns Cm forever Brc
 .Ar addrobj
 .Nm
 .Ic create-addr
@@ -182,7 +182,7 @@ or
 .Cm udp .
 .Sh SUBCOMMANDS
 The following subcommands are supported:
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Xo
 .Nm
 .Ic create-if
@@ -193,7 +193,7 @@ Create an IP interface that will handle both IPv4 and IPv6 packets.
 The interface will be enabled as part of the creation process.
 The IPv4 interface will have the address 0.0.0.0.
 The IPv6 interface will have the address ::.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -203,8 +203,8 @@ Temporary, not persistent across reboots.
 .Fl t
 .Ar interface
 .Xc
-Disable an IP interface.
-.Bl -tag -width ""
+Disable the specified IP interface.
+.Bl -tag -width Ds
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -214,8 +214,8 @@ Temporary, not persistent across reboots.
 .Fl t
 .Ar interface
 .Xc
-Enable an IP interface.
-.Bl -tag -width ""
+Enable the specified IP interface.
+.Bl -tag -width Ds
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -224,7 +224,7 @@ Temporary, not persistent across reboots.
 .Ic delete-if
 .Ar interface
 .Xc
-Permanently delete an IP interface.
+Permanently delete the specified IP interface.
 .It Xo
 .Nm
 .Ic show-if
@@ -232,7 +232,7 @@ Permanently delete an IP interface.
 .Op Ar interface
 .Xc
 Show the current IP interface configuration.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl o Ns \&, Ns Fl -output
 Select which fields will be shown.
 The field value can be one of the following names:
@@ -306,8 +306,8 @@ Print the output in a parsable format.
 .Fl m Ar protocol
 .Ar interface
 .Xc
-Set a property's value(s) on the IP interface.
-.Bl -tag -width ""
+Set a property's value(s) on the specified IP interface.
+.Bl -tag -width Ds
 .It Fl m Ns \&, Ns Fl -module
 Specify which protocol the setting applies to.
 .It Fl p Ns \&, Ns Fl -prop
@@ -348,8 +348,8 @@ Temporary, not persistent across reboots.
 .Fl m Ar protocol
 .Ar interface
 .Xc
-Reset an IP interface's property value to the default.
-.Bl -tag -width ""
+Reset the specified IP interface's property value to the default.
+.Bl -tag -width Ds
 .It Fl m Ns \&, Ns Fl -module
 Specify which protocol the setting applies to.
 .It Fl p Ns \&, Ns Fl -prop
@@ -369,7 +369,7 @@ Temporary, not persistent across reboots.
 .Op Ar interface
 .Xc
 Display the property values for one or all of the IP interfaces.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl c Ns \&, Ns Fl -parsable
 Print the output in a parsable format.
 .It Fl m Ns \&, Ns Fl -module
@@ -415,42 +415,18 @@ subcommand for the list of property names.
 .Fl a Oo Cm local Ns | Ns Cm remote Ns = Oc Ns
 .Ar addr Ns Oo / Ns Ar prefixlen Oc Ns ...
 .Ar addrobj
-.br
-.Nm
-.Ic create-addr
-.Op Fl t
-.Fl T Cm dhcp
-.Op Fl w Ar seconds Ns | Ns Cm forever
-.Op Fl 1
-.Op Fl h Ar hostname
-.Ar addrobj
-.br
-.Nm
-.Ic create-addr
-.Op Fl t
-.Fl T Cm addrconf
-.Op Fl i Ar interface-id
-.Oo Fl p Bro Cm stateful Ns | Ns Cm stateless Brc Ns = Ns
-.Bro Cm yes Ns | Ns Cm no Brc Oc Ns ...
-.Ar addrobj
 .Xc
-Create an address on an IP interface.
+Create an address on the specified IP interface using static configuration.
 The address will be enabled but can disabled using the
 .Nm ipadm Ic disable-addr
 subcommand.
-This subcommand has three different forms, depending on the value of the
-.Fl T
-option.
-.Bl -tag -width ""
-.It Fl T Cm static
-Create a static addrobj.
 Note that
 .Cm addrconf
 address configured on an interface is required to configure
 .Cm static
 IPv6 address on the same interface.
 This takes the following options:
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl a Ns \&, Ns Fl -address
 Specify the address.
 The
@@ -465,17 +441,22 @@ should be omitted and the address should be provided by itself without second
 address.
 .It Fl d Ns \&, Ns Fl -down
 The address is down.
+.It Fl t Ns \&, Ns Fl -temporary
+Temporary, not persistent across reboots.
 .El
-.It Fl T Cm dhcp
-Obtain the address via DHCP.
+.It Xo
+.Nm
+.Ic create-addr
+.Op Fl t
+.Fl T Cm dhcp
+.Op Fl 1
+.Op Fl h Ar hostname
+.Op Fl w Bro Ar seconds Ns | Ns Cm forever Brc
+.Ar addrobj
+.Xc
+Create an address on the specified IP interface using DHCP.
 This takes the following options:
-.Bl -tag -width ""
-.It Fl w Ns \&, Ns Fl -wait
-Specify the time, in seconds, that the command should wait to obtain an
-address; or specify
-.Cm forever
-to wait without interruption.
-The default value is 120.
+.Bl -tag -width Ds
 .It Fl 1 Ns \&, Ns Fl -primary
 Specify that the interface is primary.
 One effect will be that
@@ -497,16 +478,32 @@ for
 .Xr dhcpagent 1m .
 N.b. that the DHCP server implementation ultimately determines whether and
 how the client-sent FQDN is used.
+.It Fl t Ns \&, Ns Fl -temporary
+Temporary, not persistent across reboots.
+.It Fl w Ns \&, Ns Fl -wait
+Specify the time, in seconds, that the command should wait to obtain an
+address; or specify
+.Cm forever
+to wait without interruption.
+The default value is 120.
 .El
-.It Fl T Cm addrconf
-Create an auto-configured address.
+.It Xo
+.Nm
+.Ic create-addr
+.Op Fl t
+.Fl T Cm addrconf
+.Op Fl i Ar interface-id
+.Oo Fl p Bro Cm stateful Ns | Ns Cm stateless Brc Ns = Ns
+.Bro Cm yes Ns | Ns Cm no Brc Oc Ns ...
+.Ar addrobj
+.Xc
+Create an auto-configured address on the specified IP interface.
 This takes the following options:
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl i Ns \&, Ns Fl -interface-id
 Specify the interface ID to be used.
 .It Fl p Ns \&, Ns Fl -prop
 Specify which method of auto-configuration should be used.
-.El
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -518,7 +515,7 @@ Temporary, not persistent across reboots.
 .Xc
 Down the address.
 This will stop packets from being sent or received.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -530,7 +527,7 @@ Temporary, not persistent across reboots.
 .Xc
 Up the address.
 This will enable packets to be sent and received.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -541,7 +538,7 @@ Temporary, not persistent across reboots.
 .Ar addrobj
 .Xc
 Disable the address.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -552,7 +549,7 @@ Temporary, not persistent across reboots.
 .Ar addrobj
 .Xc
 Enable the address.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl t Ns \&, Ns Fl -temporary
 Temporary, not persistent across reboots.
 .El
@@ -568,7 +565,7 @@ addresses.
 It also restarts duplicate address detection for
 .Cm static
 addresses.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl i Ns \&, Ns Fl -inform
 Obtain network configuration from DHCP without taking a lease on the address.
 .El
@@ -579,7 +576,7 @@ Obtain network configuration from DHCP without taking a lease on the address.
 .Ar addrobj
 .Xc
 Delete the given address.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl r Ns \&, Ns Fl -release
 Indicate that the DHCP-assigned address should be released.
 .El
@@ -590,7 +587,7 @@ Indicate that the DHCP-assigned address should be released.
 .Op Ar addrobj
 .Xc
 Show the current address properties.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl o Ns \&, Ns Fl -output
 Select which fields will be shown.
 The field value can be one of the following names:
@@ -665,7 +662,7 @@ Print the output in a parsable format.
 .Ar addrobj
 .Xc
 Set a property's value(s) on the addrobj.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl p Ns \&, Ns Fl -prop
 Specify the property name and value(s).
 The property name can be one of the following:
@@ -684,7 +681,7 @@ The address is not advertised to routing
 .Pq Cm on Ns / Ns Cm off .
 .It Cm reqhost
 The host name to send to the DHCP server in order to request an association
-of an FQDN to the interface.
+of the FQDN to the interface.
 For a primary DHCP interface,
 .Xr nodename 4
 is sent if this property is not defined.
@@ -692,7 +689,7 @@ See the
 .Nm
 .Ic create-addr
 .Fl T Cm dhcp
-subcommand for an explanation of how an FQDN is determined.
+subcommand for the explanation of how an FQDN is determined.
 .It Cm transmit
 Packets can be transmitted
 .Pq Cm on Ns / Ns Cm off .
@@ -711,8 +708,8 @@ Temporary, not persistent across reboots.
 .Fl p Ar prop
 .Ar addrobj
 .Xc
-Reset an addrobj's property value to the default.
-.Bl -tag -width ""
+Reset the addrobj's property value to the default.
+.Bl -tag -width Ds
 .It Fl p Ns \&, Ns Fl -prop
 Specify the property name.
 See the
@@ -729,7 +726,7 @@ Temporary, not persistent across reboots.
 .Op Ar addrobj
 .Xc
 Display the property values for one or all of the addrobjs.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl c Ns \&, Ns Fl -parsable
 Print the output in a parsable format.
 .It Fl o Ns \&, Ns Fl -output
@@ -770,7 +767,7 @@ subcommand for the list of property names.
 .Ar protocol
 .Xc
 Set a property's value(s) on the protocol.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl p Ns \&, Ns Fl -prop
 Specify the property name and value(s).
 The optional
@@ -838,7 +835,7 @@ Temporary, not persistent across reboots.
 .Ar protocol
 .Xc
 Reset a protocol's property value to the default.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl p Ns \&, Ns Fl -prop
 Specify the property name.
 See the
@@ -855,7 +852,7 @@ Temporary, not persistent across reboots.
 .Op Ar protocol
 .Xc
 Display the property values for one or all of the protocols.
-.Bl -tag -width ""
+.Bl -tag -width Ds
 .It Fl c Ns \&, Ns Fl -parsable
 Print the output in a parsable format.
 .It Fl o Ns \&, Ns Fl -output
diff --git a/usr/src/man/man1m/wanboot_keygen.1m b/usr/src/man/man1m/wanboot_keygen.1m
deleted file mode 100644
index 5edfbf04a2..0000000000
--- a/usr/src/man/man1m/wanboot_keygen.1m
+++ /dev/null
@@ -1,191 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT_KEYGEN 1M "Apr 18, 2003"
-.SH NAME
-wanboot_keygen \- create and display client and server keys for WAN booting
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=3des
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=aes
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-m\fR
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=sha1
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-d\fR \fB-m\fR
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keygen\fR \fB-c\fR \fB-o\fR net=\fIa.b.c.d\fR ,cid=\fIclient_ID\fR,type=\fIkeytype\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBkeygen\fR utility has three purposes:
-.RS +4
-.TP
-.ie t \(bu
-.el o
-Using the \fB-c\fR flag, to generate and store per-client 3DES/AES encryption
-keys, avoiding any DES weak keys.
-.RE
-.RS +4
-.TP
-.ie t \(bu
-.el o
-Using the \fB-m\fR flag, to generate and store a "master" HMAC SHA-1 key for
-WAN install, and to derive from the master key per-client HMAC SHA-1 hashing
-keys, in a manner described in RFC 3118, Appendix A.
-.RE
-.RS +4
-.TP
-.ie t \(bu
-.el o
-Using the \fB-d\fR flag along with either the \fB-c\fR or \fB-m\fR flag to
-indicate the key repository, to display a key of type specified by
-\fIkeytype\fR, which must be one of \fB3des\fR, \fBaes\fR, or \fBsha1\fR.
-.RE
-.sp
-.LP
-The \fBnet\fR and \fBcid\fR arguments are used to identify a specific client.
-Both arguments are optional. If the \fBcid\fR option is not provided, the key
-being created or displayed will have a per-network scope. If the \fBnet\fR
-option is not provided, then the key will have a global scope. Default net and
-code values are used to derive an HMAC SHA-1 key if the values are not provided
-by the user.
-.SH OPTIONS
-.sp
-.LP
-The following options are supported:
-.sp
-.ne 2
-.na
-\fB\fB-c\fR\fR
-.ad
-.RS 6n
-Generate and store per-client 3DES/AES encryption keys, avoiding any DES weak
-keys. Also generates and stores per-client HMAC SHA-1 keys. Used in conjunction
-with \fB-o\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-d\fR\fR
-.ad
-.RS 6n
-Display a key of type specified by \fIkeytype\fR, which must be one of
-\fB3des\fR, \fBaes\fR, or \fBsha1\fR. Use \fB-d\fR with \fB-m\fR or with
-\fB-c\fR and \fB-o\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-m\fR\fR
-.ad
-.RS 6n
-Generate and store a "master" HMAC SHA-1 key for WAN install.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-o\fR\fR
-.ad
-.RS 6n
-Specifies the WANboot client and/or keytype.
-.RE
-
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRGenerate a Master HMAC SHA-1 Key
-.sp
-.in +2
-.nf
-# keygen -m
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 2 \fRGenerate and Then Display a Client-Specific Master HMAC SHA-1
-Key
-.sp
-.in +2
-.nf
-# keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
-# keygen -d -c -o net=172.16.174.0,cid=010003BA0E6A36,type=sha1
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 3 \fRGenerate and Display a 3DES Key with a Per-Network Scope
-.sp
-.in +2
-.nf
-# keygen -c -o net=172.16.174.0,type=3des
-# keygen -d -o net=172.16.174.0,type=3des
-.fi
-.in -2
-.sp
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 6n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB>0\fR\fR
-.ad
-.RS 6n
-An error occurred.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE	ATTRIBUTE VALUE
-_
-Interface Stability	Obsolete
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
diff --git a/usr/src/man/man1m/wanboot_keymgmt.1m b/usr/src/man/man1m/wanboot_keymgmt.1m
deleted file mode 100644
index bda9ca6221..0000000000
--- a/usr/src/man/man1m/wanboot_keymgmt.1m
+++ /dev/null
@@ -1,148 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT_KEYMGMT 1M "Apr 18, 2003"
-.SH NAME
-wanboot_keymgmt \- insert and extract keys
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keymgmt\fR \fB-i\fR \fB-k\fR \fIkey_file\fR \fB-s\fR \fIkeystore\fR \fB-o\fR type=\fIkeytype\fR
-.fi
-
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/keymgmt\fR \fB-x\fR \fB-f\fR \fIoutfile\fR \fB-s\fR \fIkeystore\fR \fB-o\fR type=\fIkeytype\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBkeymgmt\fR utility has two purposes:
-.RS +4
-.TP
-.ie t \(bu
-.el o
-To take a raw key, stored in \fIkey_file\fR, and insert it in the repository
-specified by \fIkeystore\fR.
-.RE
-.RS +4
-.TP
-.ie t \(bu
-.el o
-To extract a key of a specified type from the repository specified by
-\fIkeystore\fR, depositing it in \fIoutfile\fR.
-.RE
-.sp
-.LP
-\fIoutfile\fR will be created if it does not already exist. The type of key
-being added or extracted is specified by \fIkeytype\fR and may have one of four
-values: \fB3des\fR, \fBaes\fR, \fBrsa\fR, or \fBsha1\fR (the last used by HMAC
-SHA-1). When extracting a key, the first key with an OID matching the supplied
-type is used.
-.SH ARGUMENTS
-.sp
-.LP
-The following arguments are supported:
-.sp
-.ne 2
-.na
-\fB\fB-i\fR\fR
-.ad
-.RS 19n
-Used in conjunction with \fB-k\fR to insert a raw key in \fIkeystore\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-f\fR \fIoutfile\fR\fR
-.ad
-.RS 19n
-Used to specify a file to receive an extracted key.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-k\fR \fIkey_file\fR\fR
-.ad
-.RS 19n
-Used in conjunction with \fB-i\fR to specify the file in which a raw key is
-stored. This key will be inserted in \fIkeystore\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-o\fR type=\fIkeytype\fR\fR
-.ad
-.RS 19n
-Specifies the type of key being inserted or extracted. Must be one of
-\fB3des\fR, \fBaes\fR, \fBrsa\fR, or \fBsha1\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-s\fR \fIkeystore\fR\fR
-.ad
-.RS 19n
-Specifies a repository in which a key will be inserted or from which a key will
-be extracted.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-x\fR\fR
-.ad
-.RS 19n
-Used in conjunction with \fB-f\fR to extract a key of a specified type and
-deposit it in \fIoutfile\fR.
-.RE
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 6n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB>0\fR\fR
-.ad
-.RS 6n
-An error occurred.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE	ATTRIBUTE VALUE
-_
-Interface Stability	Obsolete
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
-.sp
-.LP
-ITU-T Recommendation X.208
diff --git a/usr/src/man/man1m/wanboot_p12split.1m b/usr/src/man/man1m/wanboot_p12split.1m
deleted file mode 100644
index ede930eeb9..0000000000
--- a/usr/src/man/man1m/wanboot_p12split.1m
+++ /dev/null
@@ -1,125 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT_P12SPLIT 1M "Apr 18, 2003"
-.SH NAME
-wanboot_p12split \- split a PKCS #12 file into separate certificate and key
-files
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/lib/inet/wanboot/p12split\fR \fB-i\fR \fIp12file\fR \fB-c\fR \fIout_cert\fR \fB-k\fR \fIout_key\fR
-     [\fB-t\fR \fIout_trust\fR \fB-l\fR \fIid\fR \fB-v\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBp12split\fR utility extracts a certificate and private key from the
-repository specified by \fIp12file\fR, depositing the certificate in
-\fIout_cert\fR and the key in \fIout_key\fR. If supplied, the \fB-l\fR option
-specifies the value for the \fBLocalKeyId\fR that will be used in the new
-certificate and key files. \fBp12split\fR can optionally extract a trust
-certificate into the \fIout_trust\fR file if the \fB-t\fR option is specified.
-Use the \fB-v\fR option to get a verbose description of the split displayed to
-standard output.
-.SH OPTIONS
-.sp
-.LP
-The following arguments and options are supported:
-.sp
-.ne 2
-.na
-\fB\fB-c\fR \fIout_cert\fR\fR
-.ad
-.RS 16n
-Specifies a repository that receives a extracted certificate.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-i\fR \fIp12file\fR\fR
-.ad
-.RS 16n
-Specifies a repository from which a certificate and private key is extracted.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-k\fR \fIout_key\fR\fR
-.ad
-.RS 16n
-Specifies a repository that receives a extracted private key.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-l\fR \fIid\fR\fR
-.ad
-.RS 16n
-Specifies the value for the \fBLocalKeyId\fR that will be used in the new
-certificate and key files.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-t\fR \fIout_trust\fR\fR
-.ad
-.RS 16n
-Specifies a file for receiving an extracted trust certificate.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB-v\fR\fR
-.ad
-.RS 16n
-Displays a verbose description of the split to stdout.
-.RE
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 6n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fB>0\fR\fR
-.ad
-.RS 6n
-An error occurred.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE	ATTRIBUTE VALUE
-_
-Interface Stability	Unstable
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
diff --git a/usr/src/man/man1m/wanbootutil.1m b/usr/src/man/man1m/wanbootutil.1m
deleted file mode 100644
index aed2a6b85d..0000000000
--- a/usr/src/man/man1m/wanbootutil.1m
+++ /dev/null
@@ -1,138 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOTUTIL 1M "Apr 18, 2003"
-.SH NAME
-wanbootutil \- manage keys and certificates for WAN booting
-.SH SYNOPSIS
-.LP
-.nf
-\fBwanbootutil\fR [keygen] [\fIoption_specific_arguments\fR]
-.fi
-
-.LP
-.nf
-\fBwanbootutil\fR [keymgmt] [\fIoption_specific_arguments\fR]
-.fi
-
-.LP
-.nf
-\fBwanbootutil\fR [p12split] [\fIoption_specific_arguments\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBwanbootutil\fR command creates and manages WANboot encyrption and
-hashing keys and manipulates PKCS #12 files for use by WAN boot.
-.sp
-.LP
-\fBwanbootutil\fR has three subcommands, each covered in a separate man page:
-.sp
-.ne 2
-.na
-\fB\fBwanboot_keygen\fR(1M)\fR
-.ad
-.RS 24n
-Generates encryption and hashing keys.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBwanboot_keymgmt\fR(1M)\fR
-.ad
-.RS 24n
-Inserts and extracts keys from WAN boot key repositories.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBwanboot_p12split\fR(1M)\fR
-.ad
-.RS 24n
-Splits a PKCS #12 file into separate certificate and key files for use by WAN
-boot.
-.RE
-
-.SH OPTIONS
-.sp
-.LP
-The options are supported for \fBwanbootutil\fR are the use of \fBkeygen\fR,
-\fBkeymgmt\fR, or \fBp12split\fR. The options for these subcommands are
-described in their respective man pages.
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRGenerate a 3DES Client Key
-.sp
-.in +2
-.nf
-# wanbootutil keygen -c -o net=172.16.174.0,cid=010003BA0E6A36,type=3des
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 2 \fRInsert an RSA Private Client Key
-.sp
-.in +2
-.nf
-wanbootutil keymgmt -i -k keyfile \e
-  -s /etc/netboot/172.16.174.0/010003BA0E6A36/keystore -o type=rsa
-.fi
-.in -2
-.sp
-
-.LP
-\fBExample 3 \fRSplit a PKCS #12 File into Certificate and Key Components
-.sp
-.in +2
-.nf
-# wanbootutil p12split -i p12file -c out_cert -k out_key
-.fi
-.in -2
-.sp
-
-.SH EXIT STATUS
-.sp
-.ne 2
-.na
-\fB\fB0\fR\fR
-.ad
-.RS 12n
-Successful operation.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBnon-zero\fR\fR
-.ad
-.RS 12n
-An error occurred. Writes an appropriate error message to standard error.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE	ATTRIBUTE VALUE
-_
-Interface Stability	Obsolete
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBwanboot_keygen\fR(1M), \fBwanboot_keymgmt\fR(1M),
-\fBwanboot_p12split\fR(1M), \fBattributes\fR(5)
diff --git a/usr/src/man/man4/Makefile b/usr/src/man/man4/Makefile
index fc5d06c2ff..d02c23ecc1 100644
--- a/usr/src/man/man4/Makefile
+++ b/usr/src/man/man4/Makefile
@@ -198,7 +198,6 @@ _MANFILES=	Intro.4				\
 		utmp.4				\
 		utmpx.4				\
 		vfstab.4			\
-		wanboot.conf.4			\
 		warn.conf.4			\
 		ypfiles.4			\
 		yppasswdd.4			\
diff --git a/usr/src/man/man4/wanboot.conf.4 b/usr/src/man/man4/wanboot.conf.4
deleted file mode 100644
index 5eff3a1b1d..0000000000
--- a/usr/src/man/man4/wanboot.conf.4
+++ /dev/null
@@ -1,344 +0,0 @@
-'\" te
-.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved.
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH WANBOOT.CONF 4 "Nov 15, 2003"
-.SH NAME
-wanboot.conf \- repository for WANboot configuration data
-.SH SYNOPSIS
-.LP
-.nf
-\fB\fR\fB/etc/netboot/wanboot.conf\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBwanboot.conf\fR file is set up by a system administrator for one or more
-WANboot clients. The file contains information used to drive the WANboot
-process. The CGI program that serves up the bootstrap (wanboot) and the boot
-and root filesystems use information contained in the file to determine file
-paths, encryption and signing policies, and other characteristics of the
-operating environment.
-.sp
-.LP
-A copy of \fBwanboot.conf\fR is incorporated in the boot filesystem that is
-transmitted to the client. This is used by the bootstrap (wanboot) to determine
-SSL authentication policy, and other security conditions.
-.sp
-.LP
-You should use the \fBbootconfchk\fR(1M) utility to check the format and
-content of a \fBwanboot.conf\fR file prior to deployment.
-.SH FILE FORMAT
-.sp
-.LP
-Entries in \fBwanboot.conf\fR are written one per line; an entry cannot be
-continued onto another line. Blank lines are ignored, as is anything following
-a hash mark character (\fB#\fR), which allows you to insert comments.
-.sp
-.LP
-Each non-blank, non-comment line must take the form:
-.sp
-.in +2
-.nf
-\fIparameter\fR=\fIvalue\fR
-.fi
-.in -2
-.sp
-
-.sp
-.LP
-where \fIvalue\fR is terminated by the end-of-line, a space, or the hash mark
-character. The value can be quoted if it contains a space or a hash mark, using
-single or double quotes.
-.sp
-.LP
-The parameters currently supported and their meanings are as follows:
-.sp
-.ne 2
-.na
-\fB\fIboot_file\fR\fR
-.ad
-.RS 25n
-Specifies the path of the bootstrap file relative to the directory from which
-the web server serves files. This parameter must be given if the bootstrap file
-(wanboot) is to be served via HTTP, and must be specified with a leading slash
-(\fB/\fR).
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIroot_server\fR\fR
-.ad
-.RS 25n
-Specifies the location of the CGI program that will serve up the information
-about the root filesystem that will be transmitted to the client. If present,
-the value must be a URL in one of the following forms:
-.sp
-.in +2
-.nf
-http://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIwanboot-cgi\fR
-https://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIwanboot-cgi\fR
-.fi
-.in -2
-.sp
-
-where \fBhttp\fR specifies insecure download of the root filesystem;
-\fBhttps\fR specifies secure download of the root filesystem; \fIhost\fR is the
-name of the system which will serve the root filesystem; \fIport\fR is the port
-through which the web server will serve the root filesystem image;
-\fIsome-path\fR is the directory which contains the \fIwanboot-cgi\fR CGI
-program which will serve information about the root filesystem. For example:
-.sp
-.in +2
-.nf
-http://webserver:8080/cgi-bin/wanboot-cgi
-.fi
-.in -2
-.sp
-
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIroot_file\fR\fR
-.ad
-.RS 25n
-Specifies the path of the root filesystem image relative to the directory from
-which the web server serves files. This parameter must be given if the root
-filesystem is to be served by means of HTTP, and must be specified with a
-leading \fB/\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIsignature_type\fR\fR
-.ad
-.RS 25n
-Specifies the signing algorithm to be used when signing the bootstrap (that is,
-wanboot), the boot filesystem, and the root filesystem (assuming the last is
-not being sent using secure HTTP), prior to transmission to the client. If
-absent, or the value is empty, no signing will be performed. If present, its
-value must be: \fBsha1\fR.
-.sp
-If \fIsignature_type\fR is set, the client system being booted must also be
-setup with a client key for that algorithm.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIencryption_type\fR\fR
-.ad
-.RS 25n
-Specifies the encryption algorithm to be used when encrypting the boot
-filesystem prior to transmission to the client. If absent, or the value is
-empty, no encryption of the boot filesystem will be performed. If present, its
-value must be one of: \fB3des\fR or \fBaes\fR.
-.sp
-If \fIencryption_type\fR is set to one of the above algorithms, then the client
-system being booted must also be setup with a client key for that algorithm and
-a non-empty \fIencryption_type\fR must also be specified.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIserver_authentication\fR\fR
-.ad
-.RS 25n
-Specifies whether server authentication should be requested during SSL
-connection setup. If absent, or the value is empty, server authentication will
-not be requested. If present, its value must be one of: \fByes\fR or \fBno\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIclient_authentication\fR\fR
-.ad
-.RS 25n
-Specifies whether client authentication should be requested during SSL
-coonection setup. If absent, or the value is empty, client authentication will
-not be requested. If present, its value must be one of: \fByes\fR or \fBno\fR.
-.sp
-If client_authentication is \fByes\fR, then encryption and signing algorithms
-must also be specified, the URL scheme in \fIroot_server\fR must be
-\fBhttps\fR, and server_authentication must also be \fByes\fR.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIresolve_hosts\fR\fR
-.ad
-.RS 25n
-Used to specify any host names that might need to be resolved for the client
-system. Host names appearing in URLs in \fBwanboot.conf\fR and any discovered
-in certificates associated with the client will automatically be resolved and
-do not need to be specified here. The value should be a comma-separated list of
-host names.
-.sp
-A typical use of this parameter would be to name hosts used by the installer
-that differ from any of those used by the bootstrap.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIboot_logger\fR\fR
-.ad
-.RS 25n
-Specifies the URL of a system to which logging messages will be sent. If
-absent, or the value is empty, then logging will be to the system console only.
-If present it must specify a URL in one of the following forms:
-.sp
-
-.sp
-.in +2
-.nf
-http://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIbootlog-cgi\fR
-https://\fIhost\fR:\fIport\fR/\fIsome_path\fR/\fIbootlog-cgi\fR
-.fi
-.in -2
-.sp
-
-where the constituent parts are as defined for \fIroot_server\fR, above.
-.sp
-Logging can be insecure or secure.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIsystem_conf\fR\fR
-.ad
-.RS 25n
-Specifies the name of a file in the \fB/etc/netboot\fR hierarchy that will be
-incorporated in the boot filesystem named \fBsystem.conf\fR and which is
-intended for use by the system startup scripts only.
-.RE
-
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRSample \fB\fR File
-.sp
-.LP
-The following is a sample \fBwanboot.conf\fR file:
-
-.sp
-.in +2
-.nf
-####################################################################
-#
-# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
-#
-#ident  "@(#)wanboot.conf       1.12    03/01/30 SMI"
-#
-####################################################################
-# wanboot.conf(4): boot configuration file.
-#
-# Please consult wanboot.conf(4) for further information.  Note that
-# this interface is "Evolving" as defined by attributes(5).
-#
-# Anything after a '#' is comment.  Values may be quoted (e.g. "val").
-#
-# <empty> means there is no value, i.e. null.  The absence of any
-# parameter implies that it takes a default value (<empty> unless
-# otherwise specified).
-#
-# <url> is of the form http://... or https://...
-####################################################################
-
-# The path of the bootstrap file (within htdocs) which is served up
-# by wanboot-cgi(bootfile).
-#
-boot_file=/bootfiles/wanboot    # <absolute pathname>
-
-# These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
-# whether boot_file or the bootfs is to be sent encrypted/signed, or
-# root_file is to be sent signed; the client must be setup with the
-# corresponding encryption/signature key(s) (which cannot be auto-
-# matically verified).
-#
-# If an encryption_type is specified then a signature_type must also
-# be specified.
-#
-encryption_type=3des            # 3des | aes | <empty>
-signature_type=sha1             # sha1 | <empty>
-
-# This is used by wanboot-cgi(bootfs) and WANboot to determine whether
-# server authentication should be requested during SSL connection
-# setup.
-#
-server_authentication=yes       # yes | no
-
-# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
-# client authentication should be requested during SSL connection
-# setup.  If client_authentication is "yes", then server_authentication
-# must also be "yes".
-#
-client_authentication=yes       # yes | no
-
-
-# wanboot-cgi(bootfs) will construct a hosts file which resolves any
-# hostnames specified in any of the URLs in the wanboot.conf file,
-# plus those found in certificates, etc.  The following parameter
-# may be used to add additional mappings to the hosts file.
-#
-resolve_hosts=                  # <hostname>[,<hostname>*] | <empty>
-
-# This is used to specify the URL of wanboot-cgi on the server on which
-# the root_file exists, and used by wanboot to obtain the root server's
-# URL; wanboot substitutes root_file for the pathname part of the URL.
-# If the schema is http://... then the root_file will be signed if there
-# is a non-empty signature_type.  If server_authentication is "yes", the
-# schema must be https://...; otherwise it must be http://...
-#
-root_server=https://www.example.com:1234/cgi-bin/wanboot-cgi # <url> \e
-   | <empty>
-
-# This is used by wanboot-cgi(rootfs) to locate the path of the
-# rootfs image (within htdocs) on the root_server.
-#
-root_file=/rootimages/miniroot  # <absolute pathname> | <empty>
-
-# This is used by wanboot to determine the URL of the boot_logger
-# (and whether logging traffic should be sent using http or https),
-# or whether it should simply be sent to the console.
-#
-boot_logger=http://www.example.com:1234/cgi-bin/bootlog-cgi  # <url> \e
-    | <empty>
-
-# This is used by the system startup scripts.
-#
-system_conf=system.conf
-.fi
-.in -2
-.sp
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE	ATTRIBUTE VALUE
-_
-Interface Stability	Evolving
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBbootconfchk\fR(1M), \fBattributes\fR(5)