1 files changed, 28 insertions, 34 deletions

diff --git a/doc/html/admin/spake.html b/doc/html/admin/spake.html
index 2067cbe19274..39c9ee58c3b2 100644
--- a/doc/html/admin/spake.html
+++ b/doc/html/admin/spake.html
@@ -1,35 +1,26 @@
 
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html>
 
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
   <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />
+
     <title>SPAKE Preauthentication &#8212; MIT Kerberos Documentation</title>
-    <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
-    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
-    <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
-    <script type="text/javascript">
-      var DOCUMENTATION_OPTIONS = {
-        URL_ROOT:    '../',
-        VERSION:     '1.21.2',
-        COLLAPSE_INDEX: false,
-        FILE_SUFFIX: '.html',
-        HAS_SOURCE:  true,
-        SOURCELINK_SUFFIX: '.txt'
-      };
-    </script>
-    <script type="text/javascript" src="../_static/jquery.js"></script>
-    <script type="text/javascript" src="../_static/underscore.js"></script>
-    <script type="text/javascript" src="../_static/doctools.js"></script>
+    <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />
+    <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />
+    <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />
+    <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>
+    <script src="../_static/jquery.js"></script>
+    <script src="../_static/underscore.js"></script>
+    <script src="../_static/doctools.js"></script>
     <link rel="author" title="About these documents" href="../about.html" />
     <link rel="index" title="Index" href="../genindex.html" />
     <link rel="search" title="Search" href="../search.html" />
     <link rel="copyright" title="Copyright" href="../copyright.html" />
     <link rel="next" title="Addressing dictionary attack risks" href="dictionary.html" />
     <link rel="prev" title="OTP Preauthentication" href="otp.html" /> 
-  </head>
-  <body>
+  </head><body>
     <div class="header-wrapper">
         <div class="header">
             
@@ -61,7 +52,7 @@
         <div class="bodywrapper">
           <div class="body" role="main">
             
-  <div class="section" id="spake-preauthentication">
+  <section id="spake-preauthentication">
 <span id="spake"></span><h1>SPAKE Preauthentication<a class="headerlink" href="#spake-preauthentication" title="Permalink to this headline">¶</a></h1>
 <p>SPAKE preauthentication (added in release 1.17) uses public key
 cryptography techniques to protect against <a class="reference internal" href="dictionary.html#dictionary"><span class="std std-ref">password dictionary
@@ -71,20 +62,20 @@ needs to be turned on.  Using SPAKE preauthentication may modestly
 increase the CPU and network load on the KDC.</p>
 <p>SPAKE preauthentication can use one of four elliptic curve groups for
 its password-authenticated key exchange.  The recommended group is
-<code class="docutils literal"><span class="pre">edwards25519</span></code>; three NIST curves (<code class="docutils literal"><span class="pre">P-256</span></code>, <code class="docutils literal"><span class="pre">P-384</span></code>, and
-<code class="docutils literal"><span class="pre">P-521</span></code>) are also supported.</p>
-<p>By default, SPAKE with the <code class="docutils literal"><span class="pre">edwards25519</span></code> group is enabled on
+<code class="docutils literal notranslate"><span class="pre">edwards25519</span></code>; three NIST curves (<code class="docutils literal notranslate"><span class="pre">P-256</span></code>, <code class="docutils literal notranslate"><span class="pre">P-384</span></code>, and
+<code class="docutils literal notranslate"><span class="pre">P-521</span></code>) are also supported.</p>
+<p>By default, SPAKE with the <code class="docutils literal notranslate"><span class="pre">edwards25519</span></code> group is enabled on
 clients, but the KDC does not offer SPAKE by default.  To turn it on,
 set the <strong>spake_preauth_groups</strong> variable in <a class="reference internal" href="conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a> to a
 list of allowed groups.  This variable affects both the client and the
-KDC.  Simply setting it to <code class="docutils literal"><span class="pre">edwards25519</span></code> is recommended:</p>
-<div class="highlight-default"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">libdefaults</span><span class="p">]</span>
+KDC.  Simply setting it to <code class="docutils literal notranslate"><span class="pre">edwards25519</span></code> is recommended:</p>
+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">libdefaults</span><span class="p">]</span>
     <span class="n">spake_preauth_groups</span> <span class="o">=</span> <span class="n">edwards25519</span>
 </pre></div>
 </div>
 <p>Set the <strong>+requires_preauth</strong> and <strong>-allow_svr</strong> flags on client
 principal entries, as you would for any preauthentication mechanism:</p>
-<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">modprinc</span> <span class="o">+</span><span class="n">requires_preauth</span> <span class="o">-</span><span class="n">allow_svr</span> <span class="n">PRINCNAME</span>
+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">kadmin</span><span class="p">:</span> <span class="n">modprinc</span> <span class="o">+</span><span class="n">requires_preauth</span> <span class="o">-</span><span class="n">allow_svr</span> <span class="n">PRINCNAME</span>
 </pre></div>
 </div>
 <p>Clients which do not implement SPAKE preauthentication will fall back
@@ -93,7 +84,7 @@ to encrypted timestamp.</p>
 modifying the initial KDC response, defeating the protection against
 dictionary attacks.  To prevent this fallback on clients which do
 implement SPAKE preauthentication, set the
-<strong>disable_encrypted_timestamp</strong> variable to <code class="docutils literal"><span class="pre">true</span></code> in the
+<strong>disable_encrypted_timestamp</strong> variable to <code class="docutils literal notranslate"><span class="pre">true</span></code> in the
 <a class="reference internal" href="conf_files/krb5_conf.html#realms"><span class="std std-ref">[realms]</span></a> subsection for realms whose KDCs offer SPAKE
 preauthentication.</p>
 <p>By default, SPAKE preauthentication requires an extra network round
@@ -102,7 +93,7 @@ in a realm support SPAKE, this extra round trip can be eliminated
 using an optimistic challenge, by setting the
 <strong>spake_preauth_kdc_challenge</strong> variable in <a class="reference internal" href="conf_files/kdc_conf.html#kdcdefaults"><span class="std std-ref">[kdcdefaults]</span></a> to a
 single group name:</p>
-<div class="highlight-default"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">kdcdefaults</span><span class="p">]</span>
+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">kdcdefaults</span><span class="p">]</span>
     <span class="n">spake_preauth_kdc_challenge</span> <span class="o">=</span> <span class="n">edwards25519</span>
 </pre></div>
 </div>
@@ -110,14 +101,16 @@ single group name:</p>
 initial authentication requests that do not result in SPAKE
 preauthentication, but will save work when SPAKE preauthentication is
 used.</p>
-</div>
+</section>
 
 
+            <div class="clearer"></div>
           </div>
         </div>
       </div>
         </div>
         <div class="sidebar">
+          
     <h2>On this page</h2>
     <ul>
 <li><a class="reference internal" href="#">SPAKE Preauthentication</a></li>
@@ -174,6 +167,7 @@ used.</p>
       <input type="hidden" name="check_keywords" value="yes" />
       <input type="hidden" name="area" value="default" />
     </form>
+
         </div>
         <div class="clearer"></div>
       </div>
@@ -181,8 +175,8 @@ used.</p>
 
     <div class="footer-wrapper">
         <div class="footer" >
-            <div class="right" ><i>Release: 1.21.2</i><br />
-                &copy; <a href="../copyright.html">Copyright</a> 1985-2023, MIT.
+            <div class="right" ><i>Release: 1.21.3</i><br />
+                &copy; <a href="../copyright.html">Copyright</a> 1985-2024, MIT.
             </div>
             <div class="left">