From: Ben Kaduk Date: Fri, 31 May 2013 16:48:46 +0000 (-0400) Subject: Clean up dangling antecedent in allow_weak_crypto X-Git-Tag: krb5-1.12-alpha1~139 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2a10e19e19c65af0e3890bdeae03c37089ef02ea;p=thirdparty%2Fkrb5.git Clean up dangling antecedent in allow_weak_crypto The "previous three lists" are not previous any more. Say explicitly which three lists, and make the parenthetical bind to the correct noun. ticket: 7655 (new) tags: pullup target_version: 1.11.4 --- diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index f2f22afa4e..4f88c55662 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -99,12 +99,12 @@ Additionally, krb5.conf may include any of the relations described in The libdefaults section may contain any of the following relations: **allow_weak_crypto** - If this flag is set to false, then weak encryption types will be - filtered out of the previous three lists (as noted in - :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`). The - default value for this tag is false, which may cause - authentication failures in existing Kerberos infrastructures that - do not support strong crypto. Users in affected environments + If this flag is set to false, then weak encryption types (as noted in + :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`) will be filtered + out of the lists **default_tgs_enctypes**, **default_tkt_enctypes**, and + **permitted_enctypes**. The default value for this tag is false, which + may cause authentication failures in existing Kerberos infrastructures + that do not support strong crypto. Users in affected environments should set this tag to true until their infrastructure adopts stronger ciphers.