From cdb1c3b6e2b8d4f45f63f734ef453f2958c77183 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Tue, 9 Apr 2013 16:39:19 -0600 Subject: [PATCH] docs: fix typo when using Kerberos principals Kerberos uses 'primary' or 'key' files (principals), not 'abstract ideal' or 'rule' files (principles). Reported by Jason Meinzer. Reflow a paragraph to fit in 80 columns in the process. * docs/auth.html.in: Fix spelling. --- docs/auth.html.in | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/auth.html.in b/docs/auth.html.in index 929afd0884..1bd02f2bd6 100644 --- a/docs/auth.html.in +++ b/docs/auth.html.in @@ -253,13 +253,15 @@ Plugin "gssapiv2" [loaded], API version: 4 features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN

-Next it is necessary for the administrator of the Kerberos realm to issue a principle -for the libvirt server. There needs to be one principle per host running the libvirt -daemon. The principle should be named libvirt/full.hostname@KERBEROS.REALM. -This is typically done by running the kadmin.local command on the Kerberos -server, though some Kerberos servers have alternate ways of setting up service principles. -Once created, the principle should be exported to a keytab, copied to the host running -the libvirt daemon and placed in /etc/libvirt/krb5.tab +Next it is necessary for the administrator of the Kerberos realm to +issue a principal for the libvirt server. There needs to be one +principal per host running the libvirt daemon. The principal should be +named libvirt/full.hostname@KERBEROS.REALM. This is +typically done by running the kadmin.local command on the +Kerberos server, though some Kerberos servers have alternate ways of +setting up service principals. Once created, the principal should be +exported to a keytab, copied to the host running the libvirt daemon +and placed in /etc/libvirt/krb5.tab

 # kadmin.local
@@ -281,7 +283,7 @@ kadmin.local: quit
 

Any client application wishing to connect to a Kerberos enabled libvirt server -merely needs to run kinit to gain a user principle. This may well +merely needs to run kinit to gain a user principal. This may well be done automatically when a user logs into a desktop session, if PAM is setup to authenticate against Kerberos.