CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence...

author Ralph Boehme <slow@samba.org>

Tue, 6 Dec 2022 15:05:26 +0000 (16:05 +0100)

committer Stefan Metzmacher <metze@samba.org>

Wed, 14 Dec 2022 11:39:16 +0000 (11:39 +0000)
author Ralph Boehme <slow@samba.org>
Tue, 6 Dec 2022 15:05:26 +0000 (16:05 +0100)
committer Stefan Metzmacher <metze@samba.org>
Wed, 14 Dec 2022 11:39:16 +0000 (11:39 +0000)
diff --git a/docs-xml/smbdotconf/logon/allownt4crypto.xml b/docs-xml/smbdotconf/logon/allownt4crypto.xml

index 03dc8fa93f72e7031a2669ca60e519ff4e69dc67..06afcef73b1b973855e7b3da589fff855962a2a9 100644 (file)
--- a/docs-xml/smbdotconf/logon/allownt4crypto.xml
+++ b/docs-xml/smbdotconf/logon/allownt4crypto.xml
@@ -18,7 +18,7 @@
  
         <para>"allow nt4 crypto = yes" allows weak crypto to be negotiated, maybe via downgrade attacks.</para>
  
-       <para>This option yields precedence to the 'reject md5 clients' option.</para>
+       <para>This option is over-ridden by the 'reject md5 clients' option.</para>
  </description>
  
  <value type="default">no</value>
diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml

index 03531adbfb368d73a8137dcf9820f373bce27a84..8bccab391cc274fd1d8d0d70f64cca4cef46e956 100644 (file)
--- a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
+++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
@@ -15,7 +15,7 @@
         <para>The behavior can be overwritten per interface name (e.g. lsarpc, netlogon, samr, srvsvc,
         winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = yes' as option.</para>
  
-       <para>This option yields precedence to the implementation specific restrictions.
+       <para>This option is over-ridden by the implementation specific restrictions.
         E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
         The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
         </para>
diff --git a/docs-xml/smbdotconf/security/clientschannel.xml b/docs-xml/smbdotconf/security/clientschannel.xml

index 5b07da95050c6cc29bbc53b45eb97d60e7277486..d124ad48181831c598444c8cf788d819fb06468c 100644 (file)
--- a/docs-xml/smbdotconf/security/clientschannel.xml
+++ b/docs-xml/smbdotconf/security/clientschannel.xml
@@ -23,7 +23,7 @@
      <para>Note that for active directory domains this is hardcoded to
      <smbconfoption name="client schannel">yes</smbconfoption>.</para>
  
-    <para>This option yields precedence to the <smbconfoption name="require strong key"/> option.</para>
+    <para>This option is over-ridden by the <smbconfoption name="require strong key"/> option.</para>
  </description>
  <value type="default">yes</value>
  <value type="example">auto</value>
diff --git a/docs-xml/smbdotconf/security/serverschannel.xml b/docs-xml/smbdotconf/security/serverschannel.xml

index bd9fea84a7e777b6b85c73ef95ca8c7e8c696d36..394ffdc36fbd86abd3f4a0d103376345e09eebd2 100644 (file)
--- a/docs-xml/smbdotconf/security/serverschannel.xml
+++ b/docs-xml/smbdotconf/security/serverschannel.xml
@@ -23,7 +23,7 @@
      <para>If you still have legacy domain members use the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.
      </para>
  
-    <para>This option yields precedence to the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.</para>
+    <para>This option is over-ridden by the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.</para>
  
  </description>
  
diff --git a/docs-xml/smbdotconf/winbind/requirestrongkey.xml b/docs-xml/smbdotconf/winbind/requirestrongkey.xml

index b17620ec8f1d1549d9851aea891e14fce8c07fcc..9c1c1d7af14899bdbdff36dc1b3af3a80106a53a 100644 (file)
--- a/docs-xml/smbdotconf/winbind/requirestrongkey.xml
+++ b/docs-xml/smbdotconf/winbind/requirestrongkey.xml
@@ -17,7 +17,7 @@
  
         <para>Note for active directory domain this option is hardcoded to 'yes'</para>
  
-       <para>This option yields precedence to the <smbconfoption name="reject md5 servers"/> option.</para>
+       <para>This option is over-ridden by the <smbconfoption name="reject md5 servers"/> option.</para>
  
         <para>This option overrides the <smbconfoption name="client schannel"/> option.</para>
  </description>
author	Ralph Boehme <slow@samba.org>
	Tue, 6 Dec 2022 15:05:26 +0000 (16:05 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 14 Dec 2022 11:39:16 +0000 (11:39 +0000)
docs-xml/smbdotconf/logon/allownt4crypto.xml		patch \| blob \| history
docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml		patch \| blob \| history
docs-xml/smbdotconf/security/clientschannel.xml		patch \| blob \| history
docs-xml/smbdotconf/security/serverschannel.xml		patch \| blob \| history
docs-xml/smbdotconf/winbind/requirestrongkey.xml		patch \| blob \| history