From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 13 Mar 2015 16:45:27 +0000 (-0400)
Subject: Document correct flag names for kadm5.acl
X-Git-Tag: krb5-1.14-alpha1~153
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef21069070c1eb2ab1ade1d1406f5cd3920c83a9;p=thirdparty%2Fkrb5.git

Document correct flag names for kadm5.acl

kadm5.acl entries can include restrictions which can force flag values
on or off.  These flag values are parsed with krb5_string_to_flags(),
which means the flag names are the ones for default_principal_flags,
not the ones for kadmin addprinc/modprinc.

ticket: 8155
target_version: 1.13.2
tags: pullup
---

diff --git a/doc/admin/conf_files/kadm5_acl.rst b/doc/admin/conf_files/kadm5_acl.rst
index 009067e442..2a6e634d68 100644
--- a/doc/admin/conf_files/kadm5_acl.rst
+++ b/doc/admin/conf_files/kadm5_acl.rst
@@ -72,8 +72,8 @@ ignored.  Lines containing ACL entries have the format::
 
         {+\|-}\ *flagname*
             flag is forced to the indicated value.  The permissible flags
-            are the same as the + and - flags for the kadmin
-            :ref:`add_principal` and :ref:`modify_principal` commands.
+            are the same as those for the **default_principal_flags**
+            variable in :ref:`kdc.conf(5)`.
 
         *-clearpolicy*
             policy is forced to be empty.