From: Greg Hudson Date: Thu, 21 Nov 2013 21:22:48 +0000 (-0500) Subject: Correct kadm5.acl back-reference documentation X-Git-Tag: krb5-1.13-alpha1~312 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39bac22ed7f5ff583e92d082b34f0c5a2a3cad4c;p=thirdparty%2Fkrb5.git Correct kadm5.acl back-reference documentation In kadm5.acl, *N in the target principal name refers to the Nth wildcard in the acting principal pattern, not the Nth component. ticket: 7774 (new) target_version: 1.12 tags: pullup --- diff --git a/doc/admin/conf_files/kadm5_acl.rst b/doc/admin/conf_files/kadm5_acl.rst index ffebe90bb7..b03aacce2a 100644 --- a/doc/admin/conf_files/kadm5_acl.rst +++ b/doc/admin/conf_files/kadm5_acl.rst @@ -66,7 +66,8 @@ ignored. Lines containing ACL entries have the format: character. *target_principal* can also include back-references to *principal*, - in which ``*number`` matches the component number in *principal*. + in which ``*number`` matches the corresponding wildcard in + *principal*. *restrictions* (Optional) A string of flags. Allowed restrictions are: @@ -121,8 +122,8 @@ instance ``root`` (matches line 3). (line 4) Any ``root`` principal in ``ATHENA.MIT.EDU`` can inquire, list, or change the password of their null instance, but not any other -null instance. (Here, "\*1" denotes a back-reference to the first -component of the actor principal.) +null instance. (Here, ``*1`` denotes a back-reference to the +component matching the first wildcard in the actor principal.) (line 5) Any principal in the realm ``ATHENA.MIT.EDU`` (except for ``joeadmin@ATHENA.MIT.EDU``, as mentioned above) has inquire
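Review bot: In the @@ -66,7 +66,8 @@ hunk, the new sentence "``*number`` matches the corresponding wildcard in *principal*" leaves "corresponding" undefined: it does not say that the number is the wildcard's position, nor that numbering starts at 1. The commit message states it more precisely ("*N ... refers to the Nth wildcard in the acting principal pattern"), so I would carry that wording into the text, for example "in which ``*number`` refers to the number-th wildcard in *principal*, counting from 1". These entries hand out rights such as changing a password (see the line 4 example further down), so an administrator who miscounts ends up with an ACL line that covers a different target than intended.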
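Review bot: In the @@ -121,8 +122,8 @@ hunk, "the component matching the first wildcard in the actor principal" keeps the word "component", which is the reading the commit message sets out to correct ("the Nth wildcard ... not the Nth component"). A reader skimming the parenthetical can still come away thinking ``*1`` selects a component by position. Something like "a back-reference to whatever the first wildcard in the actor principal matched" avoids that. Also, this hunk says "actor principal", the first hunk says *principal*, and the commit message says "acting principal"; picking one term for the document would help, preferably the *principal* field name used in the format description.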