krb5 commit: Clean up dangling antecedent in allow_weak_crypto
Benjamin Kaduk
kaduk at MIT.EDU
Fri May 31 13:09:51 EDT 2013
https://github.com/krb5/krb5/commit/2a10e19e19c65af0e3890bdeae03c37089ef02ea
commit 2a10e19e19c65af0e3890bdeae03c37089ef02ea
Author: Ben Kaduk <kaduk at mit.edu>
Date: Fri May 31 12:48:46 2013 -0400
Clean up dangling antecedent in allow_weak_crypto
The "previous three lists" are not previous any more.
Say explicitly which three lists, and make the parenthetical bind
to the correct noun.
ticket: 7655 (new)
tags: pullup
target_version: 1.11.4
doc/admin/conf_files/krb5_conf.rst | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index f2f22af..4f88c55 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -99,12 +99,12 @@ Additionally, krb5.conf may include any of the relations described in
The libdefaults section may contain any of the following relations:
**allow_weak_crypto**
- If this flag is set to false, then weak encryption types will be
- filtered out of the previous three lists (as noted in
- :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`). The
- default value for this tag is false, which may cause
- authentication failures in existing Kerberos infrastructures that
- do not support strong crypto. Users in affected environments
+ If this flag is set to false, then weak encryption types (as noted in
+ :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`) will be filtered
+ out of the lists **default_tgs_enctypes**, **default_tkt_enctypes**, and
+ **permitted_enctypes**. The default value for this tag is false, which
+ may cause authentication failures in existing Kerberos infrastructures
+ that do not support strong crypto. Users in affected environments
should set this tag to true until their infrastructure adopts
stronger ciphers.
More information about the cvs-krb5
mailing list