[27792] in CVS-changelog-for-Kerberos-V5
krb5 commit: Clean up dangling antecedent in allow_weak_crypto
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Fri May 31 13:09:58 2013
Date: Fri, 31 May 2013 13:09:51 -0400
From: Benjamin Kaduk <kaduk@mit.edu>
Message-Id: <201305311709.r4VH9pRR022803@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/2a10e19e19c65af0e3890bdeae03c37089ef02ea
commit 2a10e19e19c65af0e3890bdeae03c37089ef02ea
Author: Ben Kaduk <kaduk@mit.edu>
Date: Fri May 31 12:48:46 2013 -0400
Clean up dangling antecedent in allow_weak_crypto
The "previous three lists" are not previous any more.
Say explicitly which three lists, and make the parenthetical bind
to the correct noun.
ticket: 7655 (new)
tags: pullup
target_version: 1.11.4
doc/admin/conf_files/krb5_conf.rst | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst
index f2f22af..4f88c55 100644
--- a/doc/admin/conf_files/krb5_conf.rst
+++ b/doc/admin/conf_files/krb5_conf.rst
@@ -99,12 +99,12 @@ Additionally, krb5.conf may include any of the relations described in
The libdefaults section may contain any of the following relations:
**allow_weak_crypto**
- If this flag is set to false, then weak encryption types will be
- filtered out of the previous three lists (as noted in
- :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`). The
- default value for this tag is false, which may cause
- authentication failures in existing Kerberos infrastructures that
- do not support strong crypto. Users in affected environments
+ If this flag is set to false, then weak encryption types (as noted in
+ :ref:`Encryption_and_salt_types` in :ref:`kdc.conf(5)`) will be filtered
+ out of the lists **default_tgs_enctypes**, **default_tkt_enctypes**, and
+ **permitted_enctypes**. The default value for this tag is false, which
+ may cause authentication failures in existing Kerberos infrastructures
+ that do not support strong crypto. Users in affected environments
should set this tag to true until their infrastructure adopts
stronger ciphers.
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5