From 7690122914d31f201b3444f2883d68565c4dc0ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 30 Nov 2006 16:55:56 +0000 Subject: [PATCH] spelling git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19196 ec53bebd-3082-4978-b11e-865c3cabbd6b --- doc/setup.texi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/setup.texi b/doc/setup.texi index fb158ea7b..30913634b 100644 --- a/doc/setup.texi +++ b/doc/setup.texi @@ -1101,16 +1101,16 @@ name of the TGS of the target realm. Both of these two requirements are not required by the standard to be checked by the client if it have external information what the certificate the KDC is supposed to be used. So its in the interst of -minium amount of configuration on the clients they should be included. +minimum amount of configuration on the clients they should be included. Remember that if client would accept any certificate as the KDC's certificate, the client could be fooled into trusting something that isn't a KDC and thus expose the user to giving away information (like password or other private information) that it is supposed to secret. -Also, if the extension certificate have a nameConstraints extention -with a Generalname with dNSName or iPAdress it must match the hostname -or adress of the KDC. +Also, if the certificate have a nameConstraints extention with a +Generalname with dNSName or iPAdress it must match the hostname or +adress of the KDC. @subsection Client certificate