From 3a8d169f2aca7636ccbdb9be74513743358293a6 Mon Sep 17 00:00:00 2001 From: Stonewall Jackson Date: Tue, 28 Feb 2023 08:27:01 -0500 Subject: update readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d74b2fd..b20e638 100644 --- a/README.md +++ b/README.md @@ -124,10 +124,10 @@ For services that don't support Kerberos (or devices that don't support it, like smartphones), everything falls back to username/password authentication over TLS. Authorization is performed using FreeIPA group memberships. This is especially -handy since FreeIPA supports nested groups. For example, all my family members -are a member of the FreeIPA group `mylastname`. If I want to grant them access -to `myapp`, I'll use a FreeIPA group called `role-myapp-access`, and then make -the group `mylastname` a member of that group. +handy since FreeIPA supports nested groups. For example, everyone in my family +is a member of the FreeIPA group `mylastname`. If I want to grant them access +to `myapp`, I'll make a FreeIPA group called `role-myapp-access`, and then add +the `mylastname` group as a member. FreeIPA is also used to provision TLS certificates for all internal hosts. For non-managed devices like smartphones, you'll have to install the local FreeIPA -- cgit
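Review bot: In the last added line of the hunk, "add the `mylastname` group as a member" no longer names the group being joined, while the removed wording ("a member of that group") did. Because this sentence describes how access is granted, suggest spelling it out: "add the `mylastname` group as a member of `role-myapp-access`". The example could also state the consequence of nesting: anyone later added to `mylastname` gains access to `myapp` with no change to `role-myapp-access`. The subject "update readme" would be more useful if it said this is a wording-only change to the nested-groups example.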