diff options
-rw-r--r-- | qemu-doc.texi | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/qemu-doc.texi b/qemu-doc.texi index 6201932590..8efc943b04 100644 --- a/qemu-doc.texi +++ b/qemu-doc.texi @@ -638,7 +638,7 @@ and SASL party. For x509 certs, the ACL check is made against the certificate's distinguished name. This is something that looks like @code{C=GB,O=ACME,L=Boston,CN=bob}. For SASL party, the ACL check is made against the username, which depending on the SASL plugin, may -include a realm component, eg @code{bob} or @code{bob\@EXAMPLE.COM}. +include a realm component, eg @code{bob} or @code{bob@@EXAMPLE.COM}. When the @option{acl} flag is set, the initial access list will be empty, with a @code{deny} policy. Thus no one will be allowed to use the VNC server until the ACLs have been loaded. This can be @@ -1423,14 +1423,14 @@ always @code{deny} @item acl allow <aclname> <match> [<index>] add a match to the access control list, allowing access. The match will normally be an exact username or x509 distinguished name, but can -optionally include wildcard globs. eg @code{*\@EXAMPLE.COM} to allow +optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow all users in the @code{EXAMPLE.COM} kerberos realm. The match will normally be appended to the end of the ACL, but can be inserted earlier in the list if the optional @code{index} parameter is supplied. @item acl deny <aclname> <match> [<index>] add a match to the access control list, denying access. The match will normally be an exact username or x509 distinguished name, but can -optionally include wildcard globs. eg @code{*\@EXAMPLE.COM} to allow +optionally include wildcard globs. eg @code{*@@EXAMPLE.COM} to allow all users in the @code{EXAMPLE.COM} kerberos realm. The match will normally be appended to the end of the ACL, but can be inserted earlier in the list if the optional @code{index} parameter is supplied. |