Kerberos uses 'primary' or 'key' files (principals), not 'abstract ideal' (principles). Reported by Jason Meinzer. Reflow a paragraph to fit in 80 columns in the process. * docs/auth.html.in: Fix spelling. --- Pushing under the trivial rule. docs/auth.html.in | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/auth.html.in b/docs/auth.html.in index 929afd0..1bd02f2 100644 --- a/docs/auth.html.in +++ b/docs/auth.html.in @@ -253,13 +253,15 @@ Plugin "gssapiv2" [loaded], API version: 4 features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN </pre> <p> -Next it is necessary for the administrator of the Kerberos realm to issue a principle -for the libvirt server. There needs to be one principle per host running the libvirt -daemon. The principle should be named <code>libvirt/full.hostname@KERBEROS.REALM</code>. -This is typically done by running the <code>kadmin.local</code> command on the Kerberos -server, though some Kerberos servers have alternate ways of setting up service principles. -Once created, the principle should be exported to a keytab, copied to the host running -the libvirt daemon and placed in <code>/etc/libvirt/krb5.tab</code> +Next it is necessary for the administrator of the Kerberos realm to +issue a principal for the libvirt server. There needs to be one +principal per host running the libvirt daemon. The principal should be +named <code>libvirt/full.hostname@KERBEROS.REALM</code>. This is +typically done by running the <code>kadmin.local</code> command on the +Kerberos server, though some Kerberos servers have alternate ways of +setting up service principals. Once created, the principal should be +exported to a keytab, copied to the host running the libvirt daemon +and placed in <code>/etc/libvirt/krb5.tab</code> </p> <pre> # kadmin.local @@ -281,7 +283,7 @@ kadmin.local: quit </pre> <p> Any client application wishing to connect to a Kerberos enabled libvirt server -merely needs to run <code>kinit</code> to gain a user principle. This may well +merely needs to run <code>kinit</code> to gain a user principal. This may well be done automatically when a user logs into a desktop session, if PAM is setup to authenticate against Kerberos. </p> -- 1.8.1.4