From 185114aa35508e46c90354d8ddea76f65fe556d8 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 13 Mar 2015 12:45:27 -0400
Subject: [PATCH] Document correct flag names for kadm5.acl

kadm5.acl entries can include restrictions which can force flag values
on or off.  These flag values are parsed with krb5_string_to_flags(),
which means the flag names are the ones for default_principal_flags,
not the ones for kadmin addprinc/modprinc.

(cherry picked from commit ef21069070c1eb2ab1ade1d1406f5cd3920c83a9)

ticket: 8155
version_fixed: 1.13.2
status: resolved
---
 doc/admin/conf_files/kadm5_acl.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/admin/conf_files/kadm5_acl.rst b/doc/admin/conf_files/kadm5_acl.rst
index 009067e442..2a6e634d68 100644
--- a/doc/admin/conf_files/kadm5_acl.rst
+++ b/doc/admin/conf_files/kadm5_acl.rst
@@ -72,8 +72,8 @@ ignored.  Lines containing ACL entries have the format::
 
         {+\|-}\ *flagname*
             flag is forced to the indicated value.  The permissible flags
-            are the same as the + and - flags for the kadmin
-            :ref:`add_principal` and :ref:`modify_principal` commands.
+            are the same as those for the **default_principal_flags**
+            variable in :ref:`kdc.conf(5)`.
 
         *-clearpolicy*
             policy is forced to be empty.
-- 
2.47.2