From 2a10e19e19c65af0e3890bdeae03c37089ef02ea Mon Sep 17 00:00:00 2001 From: Ben Kaduk Date: Fri, 31 May 2013 12:48:46 -0400 Subject: Clean up dangling antecedent in allow_weak_crypto The "previous three lists" are not previous any more. Say explicitly which three lists, and make the parenthetical bind to the correct noun. ticket: 7655 (new) tags: pullup target_version: 1.11.4 --- doc/admin/conf_files/krb5_conf.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index f2f22afa4..4f88c5566 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -99,12 +99,12 @@ Additionally, krb5.conf may include any of the relations described in The libdefaults section may contain any of the following relations: **allow_weak_crypto** - If this flag is set to false, then weak encryption types will be - filtered out of the previous three lists (as noted in - :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`). The - default value for this tag is false, which may cause - authentication failures in existing Kerberos infrastructures that - do not support strong crypto. Users in affected environments + If this flag is set to false, then weak encryption types (as noted in + :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`) will be filtered + out of the lists **default_tgs_enctypes**, **default_tkt_enctypes**, and + **permitted_enctypes**. The default value for this tag is false, which + may cause authentication failures in existing Kerberos infrastructures + that do not support strong crypto. Users in affected environments should set this tag to true until their infrastructure adopts stronger ciphers. -- cgit
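Review bot: The rewritten **allow_weak_crypto** paragraph still documents only the false case, while its unchanged closing sentence tells users in affected environments to set the tag to true. Consider adding one clause that states the true case explicitly, namely that weak encryption types are then left in **default_tgs_enctypes**, **default_tkt_enctypes**, and **permitted_enctypes**, so that an administrator who follows that advice can see from this entry which three lists are widened. Naming the lists and moving the parenthetical next to "weak encryption types" does resolve the dangling "previous three lists" reference described in the commit message.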