From d3e539d4a4a3fa52420768795cc3944d48cc616a Mon Sep 17 00:00:00 2001
From: trasz <trasz@FreeBSD.org>
Date: Tue, 25 Mar 2014 12:20:29 +0000
Subject: MFC r261762:

Use "default" as default discovery-auth-group, instead of "no-access".
It doesn't change visible behaviour, as previously auth-group "default"
wasn't redefinable, so by default access was always denied.

Sponsored by:	The FreeBSD Foundation
---
 usr.sbin/ctld/ctl.conf.5 | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'usr.sbin/ctld/ctl.conf.5')

diff --git a/usr.sbin/ctld/ctl.conf.5 b/usr.sbin/ctld/ctl.conf.5
index e01f37d..d44caa8 100644
--- a/usr.sbin/ctld/ctl.conf.5
+++ b/usr.sbin/ctld/ctl.conf.5
@@ -131,9 +131,11 @@ The following statements are available at the portal-group level:
 .It Ic discovery-auth-group Aq Ar name
 Assigns previously defined authentication group to that portal group,
 to be used for target discovery.
-By default, the discovery will be denied.
-A special auth-group, "no-authentication", may be used to allow for discovery
-without authentication.
+By default, portal groups that do not specify their own auth settings,
+using clauses such as "chap" or "initiator-name", are assigned
+predefined auth-group "default", which denies discovery.
+Another predefined auth-group, "no-authentication", may be used
+to permit discovery without authentication.
 .It Ic listen Aq Ar address
 Specifies IPv4 or IPv6 address and port to listen on for incoming connections.
 .It Ic listen-iser Aq Ar address
-- 
cgit v1.1