White space fix only. Translators can ignore.

Sponsored by:	iXsystems

en_US.ISO8859-1/books/handbook/security/chapter.xml

@@ -972,9 +972,9 @@ ALL : ALL \
 	: twist /bin/echo "You are not welcome to use %d from %h."</programlisting>
 
       <para>In this example, the message <quote>You are not allowed to
-	use <replaceable>daemon name</replaceable> from
-	<replaceable>hostname</replaceable>.</quote> will be returned
-	for any daemon not configured in
+	  use <replaceable>daemon name</replaceable> from
+	  <replaceable>hostname</replaceable>.</quote> will be
+	returned for any daemon not configured in
 	<filename>hosts.allow</filename>.  This is useful for sending
 	a reply back to the connection initiator right after the
 	established connection is dropped.  Any message returned
@@ -1103,7 +1103,7 @@ sendmail : PARANOID : deny</programlisting>
     <itemizedlist>
       <listitem>
 	<para>The <acronym>DNS</acronym> domain (zone) will be
-	<systemitem
+	  <systemitem
 	    class="fqdomainname">example.org</systemitem>.</para>
       </listitem>
 
@@ -1822,14 +1822,15 @@ kadmind5_server_enable="YES"</programlisting>
       </indexterm>
 
       <para>To generate a certificate that will be signed by an
-	external <acronym>CA</acronym>, issue the following command and
-	input the information requested at the prompts.  This input
-	information will be written to the certificate.  At the
+	external <acronym>CA</acronym>, issue the following command
+	and input the information requested at the prompts.  This
+	input information will be written to the certificate.  At the
 	<literal>Common Name</literal> prompt, input the fully
 	qualified name for the system that will use the certificate.
-	If this name does not match the server, the application verifying the
-	certificate will issue a warning to the user, rendering the
-	verification provided by the certificate as useless.</para>
+	If this name does not match the server, the application
+	verifying the certificate will issue a warning to the user,
+	rendering the verification provided by the certificate as
+	useless.</para>
 
       <screen>&prompt.root; <userinput>openssl req -new -nodes -out req.pem -keyout cert.pem</userinput>
 Generating a 1024 bit RSA private key
@@ -1856,23 +1857,22 @@ Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:<userinput><replaceable>SOME PASSWORD</replaceable></userinput>
 An optional company name []:<userinput><replaceable>Another Name</replaceable></userinput></screen>
-	
-      <para>Other options, such as the expire
-	time and alternate encryption algorithms, are available when
-	creating a certificate.  A
-	complete list of options is described in
+
+      <para>Other options, such as the expire time and alternate
+	encryption algorithms, are available when creating a
+	certificate.  A complete list of options is described in
 	&man.openssl.1;.</para>
 
-      <para>This command will create two files in the current directory.
-	The certificate request,
+      <para>This command will create two files in the current
+	directory.  The certificate request,
 	<filename>req.pem</filename>, can be sent to a
 	<acronym>CA</acronym> who will validate the entered
 	credentials, sign the request, and return the signed
 	certificate.  The second file,
 	<filename>cert.pem</filename>, is the private key for the
-	certificate and should be stored in a secure location.  If this
-	falls in the hands of others, it can be used to impersonate
-	the user or the server.</para>
+	certificate and should be stored in a secure location.  If
+	this falls in the hands of others, it can be used to
+	impersonate the user or the server.</para>
 
       <para>Alternately, if a signature from a <acronym>CA</acronym>
 	is not required, a self-signed certificate can be created.
@@ -1922,8 +1922,9 @@ Email Address []:<userinput><replaceable>trhodes@FreeBSD.org</replaceable></user
 	<filename>new.crt</filename>.  These should be placed in a
 	directory, preferably under <filename>/etc</filename>, which
 	is readable only by <systemitem
-	  class="username">root</systemitem>.  Permissions of <literal>0700</literal> are
-	appropriate for these files and can be set using <command>chmod</command>.</para>
+	  class="username">root</systemitem>.  Permissions of
+	<literal>0700</literal> are appropriate for these files and
+	can be set using <command>chmod</command>.</para>
     </sect2>
 
     <sect2>
@@ -1934,9 +1935,9 @@ Email Address []:<userinput><replaceable>trhodes@FreeBSD.org</replaceable></user
 	prevent the use of clear text authentication.</para>
 
       <note>
-	<para>Some mail clients will display an error if the
-	  user has not installed a local copy of the certificate.  Refer to
-	  the documentation included with the software for more
+	<para>Some mail clients will display an error if the user has
+	  not installed a local copy of the certificate.  Refer to the
+	  documentation included with the software for more
 	  information on certificate installation.</para>
       </note>
 
@@ -1954,8 +1955,7 @@ sendmail_cert_cn="<replaceable>localhost.example.org</replaceable>"</programlist
 	<acronym>CA</acronym> certificate,
 	<filename>/etc/mail/certs/cacert.pem</filename>.  The
 	certificate will use the <literal>Common Name</literal>
-	specified in <option>sendmail_cert_cn</option>.
-	After saving
+	specified in <option>sendmail_cert_cn</option>.  After saving
 	the edits, restart <application>Sendmail</application>:</para>
 
       <screen>&prompt.root; <userinput>service sendmail restart</userinput></screen>