Document correct flag names for kadm5.acl

kadm5.acl entries can include restrictions which can force flag values
on or off.  These flag values are parsed with krb5_string_to_flags(),
which means the flag names are the ones for default_principal_flags,
not the ones for kadmin addprinc/modprinc.

ticket: 8155
target_version: 1.13.2
tags: pullup

diff --git a/doc/admin/conf_files/kadm5_acl.rst b/doc/admin/conf_files/kadm5_acl.rst
index 009067e4420a85f62c5be03b3c20000eeae5bb46..2a6e634d687cf15654767b170dc4a0ecfc653603 100644 (file)
--- a/doc/admin/conf_files/kadm5_acl.rst
+++ b/doc/admin/conf_files/kadm5_acl.rst
@@ -72,8 +72,8 @@ ignored.  Lines containing ACL entries have the format::
 
         {+\|-}\ *flagname*
             flag is forced to the indicated value.  The permissible flags
-            are the same as the + and - flags for the kadmin
-            :ref:`add_principal` and :ref:`modify_principal` commands.
+            are the same as those for the **default_principal_flags**
+            variable in :ref:`kdc.conf(5)`.
 
         *-clearpolicy*
             policy is forced to be empty.