diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-28 08:27:01 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-28 08:27:01 -0500 |
commit | 3a8d169f2aca7636ccbdb9be74513743358293a6 (patch) | |
tree | 9c335eb471129eb396650c96d0f004bf5a9e93c2 /README.md | |
parent | 186a0527f657ed130385a7cb76d3c6fa816ef894 (diff) | |
download | selfhosted-3a8d169f2aca7636ccbdb9be74513743358293a6.tar.gz selfhosted-3a8d169f2aca7636ccbdb9be74513743358293a6.zip |
update readme
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -124,10 +124,10 @@ For services that don't support Kerberos (or devices that don't support it, like smartphones), everything falls back to username/password authentication over TLS. Authorization is performed using FreeIPA group memberships. This is especially -handy since FreeIPA supports nested groups. For example, all my family members -are a member of the FreeIPA group `mylastname`. If I want to grant them access -to `myapp`, I'll use a FreeIPA group called `role-myapp-access`, and then make -the group `mylastname` a member of that group. +handy since FreeIPA supports nested groups. For example, everyone in my family +is a member of the FreeIPA group `mylastname`. If I want to grant them access +to `myapp`, I'll make a FreeIPA group called `role-myapp-access`, and then add +the `mylastname` group as a member. FreeIPA is also used to provision TLS certificates for all internal hosts. For non-managed devices like smartphones, you'll have to install the local FreeIPA |