Clean up dangling antecedent in allow_weak_crypto

author Ben Kaduk <kaduk@mit.edu>

Fri, 31 May 2013 16:48:46 +0000 (12:48 -0400)

committer Ben Kaduk <kaduk@mit.edu>

Fri, 31 May 2013 17:09:45 +0000 (13:09 -0400)
author Ben Kaduk <kaduk@mit.edu>
Fri, 31 May 2013 16:48:46 +0000 (12:48 -0400)
committer Ben Kaduk <kaduk@mit.edu>
Fri, 31 May 2013 17:09:45 +0000 (13:09 -0400)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst

index f2f22afa4e291db091e1e5a0464f33727d49c52a..4f88c55662cef1148d9703509a96225ef0f7cd85 100644 (file)
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -99,12 +99,12 @@ Additionally, krb5.conf may include any of the relations described in
  The libdefaults section may contain any of the following relations:
  
  **allow_weak_crypto**
-    If this flag is set to false, then weak encryption types will be
-    filtered out of the previous three lists (as noted in
-    :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`).  The
-    default value for this tag is false, which may cause
-    authentication failures in existing Kerberos infrastructures that
-    do not support strong crypto.  Users in affected environments
+    If this flag is set to false, then weak encryption types (as noted in
+    :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`) will be filtered
+    out of the lists **default_tgs_enctypes**, **default_tkt_enctypes**, and
+    **permitted_enctypes**.  The default value for this tag is false, which
+    may cause authentication failures in existing Kerberos infrastructures
+    that do not support strong crypto.  Users in affected environments
      should set this tag to true until their infrastructure adopts
      stronger ciphers.
author	Ben Kaduk <kaduk@mit.edu>
	Fri, 31 May 2013 16:48:46 +0000 (12:48 -0400)
committer	Ben Kaduk <kaduk@mit.edu>
	Fri, 31 May 2013 17:09:45 +0000 (13:09 -0400)