From 45c43584beb6534ed0929fbc7240a0a2a9aad6dd Mon Sep 17 00:00:00 2001
From: Ben Kaduk <kaduk@mit.edu>
Date: Thu, 4 Oct 2012 18:00:07 -0400
Subject: Make the kadm5.acl example sane

It is an eggregious security violation to give all admin principals
admin rights and then give all null instances permission to change
the password of the associated admin instance.

While here, don't assume that admin and root are the only non-null
instances, and correct the formatting of an entry with restrictions.
---
 doc/rst_source/krb_admins/conf_files/kadm5_acl.rst | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst b/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst
index 5f28b7acd..a02472e21 100644
--- a/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst
+++ b/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst
@@ -101,9 +101,9 @@ Here is an example of a kadm5.acl file.
     */admin@ATHENA.MIT.EDU        *                           # line 1
     joeadmin@ATHENA.MIT.EDU   ADMCIL                          # line 2
     joeadmin/*@ATHENA.MIT.EDU il  */root@ATHENA.MIT.EDU       # line 3
-    *@ATHENA.MIT.EDU          cil *1/admin@ATHENA.MIT.EDU     # line 4
+    */root@ATHENA.MIT.EDU     cil *1@ATHENA.MIT.EDU           # line 4
     */*@ATHENA.MIT.EDU        i                               # line 5
-    */admin@EXAMPLE.COM       * -maxlife 9h -postdateable     # line 6
+    */admin@EXAMPLE.COM       x   * -maxlife 9h -postdateable # line 6
 
 (line 1) Any principal in the ``ATHENA.MIT.EDU`` realm with
 an ``admin`` instance has all administrative privileges.
@@ -111,13 +111,14 @@ an ``admin`` instance has all administrative privileges.
 (lines 1-3) The user ``joeadmin`` has all permissions with his
 ``admin`` instance, ``joeadmin/admin@ATHENA.MIT.EDU`` (matches line
 1).  He has no permissions at all with his null instance,
-``joeadmin@ATHENA.MIT.EDU`` (matches line 2).  His root instance has
-inquire and list permissions with any other principal that has the
-instance root (matches line 3).
-
-(line 4) Any principal in ``ATHENA.MIT.EDU`` can inquire, list,
-or change the password of their ``admin`` instance, but not any other
-admin instance.  (Here, "\*1" denotes a back-reference to the first
+``joeadmin@ATHENA.MIT.EDU`` (matches line 2).  His ``root`` and other
+non-``admin``, non-null instances (e.g., ``extra`` or ``dbadmin``) have
+inquire and list permissions with any principal that has the
+instance ``root`` (matches line 3).
+
+(line 4) Any ``root`` principal in ``ATHENA.MIT.EDU`` can inquire, list,
+or change the password of their null instance, but not any other
+null instance.  (Here, "\*1" denotes a back-reference to the first
 component of the actor principal.)
 
 (line 5) Any principal in the realm ``ATHENA.MIT.EDU`` (except for
-- 
cgit