Document correct flag names for kadm5.acl

kadm5.acl entries can include restrictions which can force flag values
on or off.  These flag values are parsed with krb5_string_to_flags(),
which means the flag names are the ones for default_principal_flags,
not the ones for kadmin addprinc/modprinc.

(cherry picked from commit ef21069070c1eb2ab1ade1d1406f5cd3920c83a9)
(cherry picked from commit 185114aa35508e46c90354d8ddea76f65fe556d8)

ticket: 8184 (new)
version_fixed: 1.12.4
status: resolved

diff --git a/doc/admin/conf_files/kadm5_acl.rst b/doc/admin/conf_files/kadm5_acl.rst
index cd41864a6d3586082b050de69e73a3c304304202..0160d708fdf67789a90f5c501b2a5fa418bab637 100644 (file)
--- a/doc/admin/conf_files/kadm5_acl.rst
+++ b/doc/admin/conf_files/kadm5_acl.rst
@@ -72,8 +72,8 @@ ignored.  Lines containing ACL entries have the format::
 
         {+\|-}\ *flagname*
             flag is forced to the indicated value.  The permissible flags
-            are the same as the + and - flags for the kadmin
-            :ref:`add_principal` and :ref:`modify_principal` commands.
+            are the same as those for the **default_principal_flags**
+            variable in :ref:`kdc.conf(5)`.
 
         *-clearpolicy*
             policy is forced to be empty.