Rely on module ordering for localauth

Register built-in localauth modules in the order we want them used by
default, and document accordingly.

ticket: 7665

1 files changed, 15 insertions, 15 deletions

diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index 0fd3f2c1d5..699628f563 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -749,30 +749,30 @@ for the local authorization interface, which affects the relationship
 between Kerberos principals and local system accounts.  The following
 built-in modules exist for this interface:
 
-**auth_to_local**
-    This module processes **auth_to_local** values in the default
-    realm's section, and applies the default method if no
-    **auth_to_local** values exist.
-
-**an2ln**
-    This module authorizes a principal to a local account if the
-    principal name maps to the local account name.
-
 **default**
     This module implements the **DEFAULT** type for **auth_to_local**
     values.
 
-**k5login**
-    This module authorizes a principal to a local account according to
-    the account's :ref:`.k5login(5)` file.
+**rule**
+    This module implements the **RULE** type for **auth_to_local**
+    values.
 
 **names**
     This module looks for an **auth_to_local_names** mapping for the
     principal name.
 
-**rule**
-    This module implements the **RULE** type for **auth_to_local**
-    values.
+**auth_to_local**
+    This module processes **auth_to_local** values in the default
+    realm's section, and applies the default method if no
+    **auth_to_local** values exist.
+
+**k5login**
+    This module authorizes a principal to a local account according to
+    the account's :ref:`.k5login(5)` file.
+
+**an2ln**
+    This module authorizes a principal to a local account if the
+    principal name maps to the local account name.
 
 
 PKINIT options