krb5 commit: Correct kadm5.acl back-reference documentation

Greg Hudson ghudson at MIT.EDU
Fri Nov 22 12:00:28 EST 2013


https://github.com/krb5/krb5/commit/39bac22ed7f5ff583e92d082b34f0c5a2a3cad4c
commit 39bac22ed7f5ff583e92d082b34f0c5a2a3cad4c
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Nov 21 16:22:48 2013 -0500

    Correct kadm5.acl back-reference documentation
    
    In kadm5.acl, *N in the target principal name refers to the Nth
    wildcard in the acting principal pattern, not the Nth component.
    
    ticket: 7774 (new)
    target_version: 1.12
    tags: pullup

 doc/admin/conf_files/kadm5_acl.rst |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/admin/conf_files/kadm5_acl.rst b/doc/admin/conf_files/kadm5_acl.rst
index ffebe90..b03aacc 100644
--- a/doc/admin/conf_files/kadm5_acl.rst
+++ b/doc/admin/conf_files/kadm5_acl.rst
@@ -66,7 +66,8 @@ ignored.  Lines containing ACL entries have the format:
     character.
 
     *target_principal* can also include back-references to *principal*,
-    in which ``*number`` matches the component number in *principal*.
+    in which ``*number`` matches the corresponding wildcard in
+    *principal*.
 
 *restrictions*
     (Optional) A string of flags. Allowed restrictions are:
@@ -121,8 +122,8 @@ instance ``root`` (matches line 3).
 
 (line 4) Any ``root`` principal in ``ATHENA.MIT.EDU`` can inquire, list,
 or change the password of their null instance, but not any other
-null instance.  (Here, "\*1" denotes a back-reference to the first
-component of the actor principal.)
+null instance.  (Here, ``*1`` denotes a back-reference to the
+component matching the first wildcard in the actor principal.)
 
 (line 5) Any principal in the realm ``ATHENA.MIT.EDU`` (except for
 ``joeadmin at ATHENA.MIT.EDU``, as mentioned above) has inquire


More information about the cvs-krb5 mailing list