Merge pull request #6730 from EnterpriseDB/docs/edits_to_pem10_group2

Docs/edits to pem10 batch 2

Author: nidhibhammar

product_docs/docs/pem/10/certificates/regenerating_agent_certificates.mdx

@@ -6,17 +6,17 @@ redirects:
 ---
 
 !!! Important
-These steps are automatically performed by default when the certificates are nearing expiry.
-These instructions are provided for completeness incase you need to manually regenerate the PEM certificates and keys. 
+PEM performs these steps by default when the certificates are nearing expiry.
+These instructions are provided for completeness in case you need to manually regenerate the PEM certificates and keys. 
 !!!
 
 You need to regenerate the agent certificates and key files:
-- If the PEM server certificates are regenerated
-- If the PEM agent certificates are near expiring
+- If the PEM server certificates are regenerated.
+- If the PEM agent certificates are near expiring.
 
 You must regenerate a certificate and a key for each agent interacting with the PEM server and copy it to the agent.
 
-Each agent has a unique identifier that's stored in the pem.agent table of the pem database. You must replace the certificate and key files with the certificate or key files that corresponds to the agent's identifier. 
+Each agent has a unique identifier that's stored in the pem.agent table of the `pem` database. You must replace the certificate and key files with the certificate or key files that correspond to the agent's identifier. 
 
 Prerequisites:
 - PEM server has certificates.
@@ -66,9 +66,9 @@ To generate a PEM agent certificate and key file pair:
 
    Where `-req` indicates the input is a CSR. The `-CA` and `-CAkey` options specify the root certificate and private key to use for signing the CSR.
 
-   Before generating the next certificate and key file pair, move the `agent.key` and `agent.crt` files generated in the steps 2 and 4 on their respective PEM agent host.
+   Before generating the next certificate and key-file pair, move the `agent.key` and `agent.crt` files generated in steps 2 and 4 on their respective PEM agent host.
 
-6. Change the permission on the new `agent<ID>.crt` and `agent<ID>.key` file:
+6. Change the permission on the new `agent<ID>.crt` and `agent<ID>.key` files:
 
    ```shell
    chmod 600 agent<ID>.crt agent<ID>.key

product_docs/docs/pem/10/certificates/replacing_ssl_certificates.mdx

@@ -8,8 +8,8 @@ redirects:
 If the PEM backend database server certificates are near expiring, plan to regenerate the certificates and key files.
 
 !!! Important
-By default, these steps are performed automatically when the certificates are nearing expiry.
-These instructions are provided for completeness if incase you need to manually regenerate the PEM certificates and keys. 
+PEM performs these steps by default when the certificates are nearing expiry.
+These instructions are provided for completeness in case you need to manually regenerate the PEM certificates and keys.
 !!!
 
 To replace the SSL certificates:
@@ -91,7 +91,7 @@ To replace the SSL certificates:
    openssl genrsa -out server.key 4096 
    ```
 
-1. Move the `server.key` to the data directory of the backend server, and change the ownership and permissions:
+1. Move `server.key` to the data directory of the backend server, and change the ownership and permissions:
 
    ```shell
    mv server.key /var/lib/edb/as<x>/data
@@ -105,9 +105,9 @@ To replace the SSL certificates:
    openssl req -new -key server.key -out server.csr -subj '/C=IN/ST=MH/L=Pune/O=EDB/CN=PEM'
    ```
 
-   Where `-subj` is provided as per your requirements. You define `CN` asthe hostname/domain name of the PEM server host. 
+   Where `-subj` is provided as per your requirements. You define `CN` as the hostname/domain name of the PEM server host. 
 
-1. Use the `openssl x509` command to sign the CSR and generate a server certificate. Move the `server.crt` to the data directory of the backend database server:
+1. Use the `openssl x509` command to sign the CSR and generate a server certificate. Move `server.crt` to the data directory of the backend database server:
 
    ```shell
    openssl x509 -req -days 365 -in server.csr -CA ca_certificate.crt -CAkey ca_key.key -CAcreateserial -out server.crt
@@ -132,4 +132,3 @@ To replace the SSL certificates:
    Restarting the backend database server restarts the PEM server.
 
 1. Regenerate each PEM agent's SSL certificates. For more information, see [Regenerating agent SSL certificates](regenerating_agent_certificates).
-

product_docs/docs/pem/10/changing_default_port.mdx

@@ -2,7 +2,7 @@
 title: "Changing the default port"
 ---
 
-By default, the 8443 port is assigned for the web services at the time of configuration of the PEM server. 
+By default, the 8443 port is assigned for the web services when the PEM server is configured. 
 You can change the port after configuration by changing a few parameters in the web server configuration files. 
 The names and locations of these files are platform specific.
 

product_docs/docs/pem/10/considerations/authentication_options/configuring_2fa_authentication.mdx

@@ -8,7 +8,7 @@ redirects:
 
 ---
 
-PEM supports two methods for 2FA:
+PEM supports two methods for two-factor authentication (2FA):
 
 -   Email authentication
 -   Authenticator app (such as Google Authenticator)
@@ -17,7 +17,7 @@ To enable 2FA, you can copy these settings from the `config.py` file to the `con
 
 | Parameter              | Description                                                                                                                                                       |
 | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| MFA_ENABLED            | Set to `true` to enable the two-factor authentication. Default value is `false`.                                                                                 |
+| MFA_ENABLED            | Set to `true` to enable two-factor authentication. Default value is `false`.                                                                                 |
 | MFA_FORCE_REGISTRATION | Set to `true` to ask the users to register forcefully for the two-factor authentication methods at login. Default value is `false`.                              |
 | MFA_SUPPORTED_METHODS  | Set to `email` to use the email authentication method (send a one-time code by email) or `authenticator` to use the TOTP-based application authentication method. |
 | MFA_EMAIL_SUBJECT      | Set to the subject of the email for email authentication. Default value is `<APP_NAME> - Verification Code`.                                                 |
@@ -28,7 +28,7 @@ To use the email authentication method, you need to configure mail server settin
 
 PEM server can send an email using either the SMTP configurations saved in the PEM configuration or using Flask-Mail.
 
-To send the email verification code using the internal SMTP configuration from the PEM configuration, set the parameter `MAIL_USE_PEM_INTERNAL` to `True`. If set to `False`, the following mail configuration is used to send the code on the user-specified email address:
+To send the email verification code using the internal SMTP configuration from the PEM configuration, set the parameter `MAIL_USE_PEM_INTERNAL` to `True`. If set to `False`, the following mail configuration is used to send the code to the user-specified email address:
 
 -   MAIL_SERVER = 'localhost'
 -   MAIL_PORT = 25

product_docs/docs/pem/10/considerations/authentication_options/configuring_the_pem_server_to_use_kerberos_authentication.mdx

@@ -13,17 +13,17 @@ You can configure Kerberos authentication for the PEM server. The Kerberos serve
     -   PEM server (PEM web server and PEM backend database server)
     -   Client machine
 
-For example, if the realm on Kerberos server is `edbpem.org`, then you can set the Kerberos server hostname to `Krb5server.edbpem.org`, the PEM server hostname to `pem.edbpem.org`, and the client's hostname to `pg12.edbpem.org`.The convention is to use the DNS domain name as the name of the realm.
+For example, if the realm on Kerberos server is `edbpem.org`, then you can set the Kerberos server hostname to `Krb5server.edbpem.org`, the PEM server hostname to `pem.edbpem.org`, and the client's hostname to `pg12.edbpem.org`. The convention is to use the DNS domain name as the name of the realm.
 
 ## 1. Install Kerberos, the PEM server, and the PEM backend database
 
-Install Kerberos on the machine that functions as the authentication server. Install the PEM server on a separate machine. For more information, see  [Installing the PEM Server](../../installing/).
+Install Kerberos on the machine that functions as the authentication server. Install the PEM server on a separate machine. For more information, see [Installing the PEM server](../../installing/).
 
-Install the PEM backend database (Postgres/EDB Postgres Advanced Server) on the same machine as the PEM server or on a different one. For more information, see the Installation steps on [EDB Docs website](https://www.enterprisedb.com/docs).
+Install the PEM backend database (Postgres/EDB Postgres Advanced Server) on the same machine as the PEM server or on a different one. For more information, see the installation steps on [EDB Docs website](https://www.enterprisedb.com/docs).
 
 ## 2. Add principals on Kerberos server
 
-Add the principals for the PEM web application deployed under an Apache web server (HTTPD/Apache2) and the PEM Backend Database Server (PostgreSQL/EDB Postgres Advanced Server).
+Add the principals for the PEM web application deployed under an Apache web server (HTTPD/Apache2) and the PEM backend database server (PostgreSQL/EDB Postgres Advanced Server).
 
 ```shell
 $ sudo kadmin.local -q "addprinc -randkey HTTP/<HOSTNAME_OF_PEM_SERVER>"
@@ -109,7 +109,7 @@ Restart the database server to reflect the changes:
 systemctl restart <POSTGRES_SERVICE_NAME>
 ```
 
-`POSTGRES_SERVICE_NAME` is the service name of the Postgres (PostgreSQL/EDB Postgres Advanced Server) database, for example, `postgresql-13` for PostgreSQL 13 database on a `RHEL` or Rocky Linux platforms.
+`POSTGRES_SERVICE_NAME` is the service name of the Postgres (PostgreSQL/EDB Postgres Advanced Server) database, for example, `postgresql-13` for PostgreSQL 13 database on a `RHEL` or Rocky Linux platform.
 
 ## 5. Obtain and view the initial ticket
 
@@ -125,10 +125,10 @@ $ kinit <USERNAME@REALM>
 $ klist 
 ```
 
-It displays the principal along with the Kerberos ticket.
+These commands display the principal along with the Kerberos ticket.
 
 !!! Note
-    The `USERNAME@REALM` specified here must be a database user having the pem_admin role and CONNECT privilege on `pem` database.
+    The `USERNAME@REALM` specified here must be a database user having the pem_admin role and CONNECT privilege on the `pem` database.
 
 ## 6. Configure the PEM server
 
@@ -158,13 +158,13 @@ If the PEM server uses Kerberos authentication:
 
 -   All the authenticated user principals are appended with the realm (USERNAME@REALM) and passed as the database user name by default. To override the default, in the `config_local.py` file, add the parameter `PEM_USER_KRB_INCLUDE_REALM` and set it to `False`.
 
--   Restart the Apache server
+-   Restart the Apache server:
 
     ```shell
     sudo systemctl restart <SERVICE_NAME>
     ```
 
--   Edit the entries at the top of `pg_hba.conf` to use the gss authentication method, and reload the database server.
+-   Edit the entries at the top of `pg_hba.conf` to use the gss authentication method, and reload the database server:
 
     ```shell
     host  pem       +pem_user    <ip_of_pem_server>/32   gss
@@ -178,25 +178,25 @@ If the PEM server uses Kerberos authentication:
     `POSTGRES_SERVICE_NAME` is the service name of the Postgres (PostgreSQL/EDB Postgres Advanced Server) database, for example, `postgresql-13` for PostgreSQL 13 database on a `RHEL` or Rocky Linux platforms.
 
 !!! Note
-    If you're using PostgreSQL or EDB Postgres Advanced Server 12 or later, then you can specify connection type as `hostgssenc` to allow only gss-encrypted connection.
+    If you're using PostgreSQL or EDB Postgres Advanced Server 12 or later, you can specify the connection type as `hostgssenc` to allow only gss-encrypted connections.
 
 
 ## 7. Browser settings
 
-Configure the browser on the client machine to access the PEM web client to use the Spnego/Kerberos.
+Configure the browser on the client machine to access the PEM web client to use Spnego/Kerberos.
 
 For Mozilla Firefox:
 
 1.   Open the low-level Firefox configuration page by loading the `about:config` page.
 1.   In the search box, enter `network.negotiate-auth.trusted-uris`.
-1.   Double-click the `network.negotiate-auth.trusted-uris` preference and enter the hostname or the domain of the web server that's protected by Kerberos HTTP SPNEGO. Separate multiple domains and hostnames with a comma.
+1.   Double-click the `network.negotiate-auth.trusted-uris` preference and enter the hostname or the domain of the web server that's protected by Kerberos HTTP SPNEGO. Separate multiple domains and hostnames with commas.
 1.   In the search box, enter `network.negotiate-auth.delegation-uris`.
-1.   Double-click the `network.negotiate-auth.delegation-uris` preference and enter the hostname or the domain of the web server that's protected by Kerberos HTTP SPNEGO. Separate multiple domains and hostnames with a comma.
+1.   Double-click the `network.negotiate-auth.delegation-uris` preference and enter the hostname or the domain of the web server that's protected by Kerberos HTTP SPNEGO. Separate multiple domains and hostnames with commas.
 1.   Select **OK**.
 
 For Google Chrome on Linux or MacOS:
 
--   Add the `--auth-server-whitelist` parameter to the `google-chrome` command. For example, to run Chrome from a Linux prompt, run the `google-chrome` command as follows:
+-   Add the `--auth-server-whitelist` parameter to the `google-chrome` command. For example, to run Chrome from a Linux prompt, use this `google-chrome` command:
 
     ```ini
     google-chrome --auth-server-whitelist = "hostname/domain"
@@ -215,4 +215,4 @@ For Google Chrome on Linux or MacOS:
     `psql: GSSAPI continuation error: Unspecified GSS failure. Minor code may provide more information`
     `GSSAPI continuation error: Key version is not available`
 
-    Add encryption types to the keytab using ktutil or by recreating the Postgres keytab with all crypto systems from AD. 
+    Add encryption types to the keytab using ktutil or by re-creating the Postgres keytab with all crypto systems from AD.

product_docs/docs/pem/10/considerations/authentication_options/configuring_the_pem_server_to_use_windows_kerberos_server.mdx

@@ -5,7 +5,7 @@ redirects:
 - /pem/latest/pem_inst_guide_linux/04_installing_postgres_enterprise_manager/07_configuring_the_pem_server_to_use_windows_kerberos_server/
 ---
 
-The Windows Active Directory domain service works with hostnames and not with IP addresses. To use single sign-on in PEM Server using Active Directory domain services, configure the following machines with hostnames using the DNS: 
+The Windows Active Directory domain service works with hostnames and not with IP addresses. To use single sign-on in PEM server using Active Directory domain services, configure the following machines with hostnames using the DNS: 
 
 -   Windows server (domain controller)
 -   PEM server (PEM web server and PEM backend database server)
@@ -33,15 +33,15 @@ Create users in Active Directory of the Windows server to map with the HTTP serv
 
 1.  Enter the user details.
 
-1.  Give the password and make sure to clear **User must change password at next logon**. Also select **User cannot change password** and **Password never expires**.
+1.  Enter the password and make sure to clear **User must change password at next logon**. Also select **User cannot change password** and **Password never expires**.
 
 1.  Review the user details.
 
 1.  On the PEMServer Web Properties dialog box, add the users as members of the Domain Users group:
 
     ![PEM Server Web Properties](../../images/pem_server_web_properties_member_of.png)
 
-1.  Create the user (for example, pemserverdb) in Active Cirectory of the Windows server to map with the Postgres service principal for the PEM backend database.
+1.  Create the user (for example, pemserverdb) in Active Directory on the Windows server to map with the Postgres service principal for the PEM backend database.
 
 ## 3. Extract key tables from Active Directory
 
@@ -98,7 +98,7 @@ Extract the key tables for the service principals and map them with the respecti
 
 ## 4. Configure the PEM backend database server
 
-Add the key table location in the `postgresql.conf` file.
+Add the key table location in the `postgresql.conf` file:
 
 ```shell
 krb_server_keyfile='FILE:/<DATA_DIRECTORY_OF_POSTGRES>/pemdb.keytab'
@@ -147,7 +147,7 @@ $ kinit <USERNAME@REALM>
 $ klist 
 ```
 
-It displays the principal along with the Kerberos ticket.
+These commands display the principal along with the Kerberos ticket.
 
 !!! Note
     The `USERNAME@REALM` specified here must be a database user having the pem_admin role and CONNECT privileges on the `pem` database.
@@ -160,14 +160,14 @@ Run the PEM configure script on the PEM server to use Kerberos authentication:
     $ sudo PEM_APP_HOST=pem.edbpem.internal PEM_KRB_KTNAME=<PEM_INSTALLATION_DIRECTORY/share/pemserver.keytab <PEM_INSTALLATION_DIRECTORY>/bin/configure-pem-server.sh
     ```
 
-In the `config_setup.py` file, configure `PEM_DB_HOST` and check that the value of `PEM_AUTH_METHOD` is set to `'kerberos'`.
+In the `config_setup.py` file, configure `PEM_DB_HOST` and check that the value of `PEM_AUTH_METHOD` is set to `'kerberos'`:
 
     ```shell
     $ sudo vim <PEM_INSTALLATION_DIRECTORY>/share/web/config_setup.py
     PEM_DB_HOST=`pem.edbpem.internal`
     ```
 
-Configure `HOST` in the `.install-config` file.
+Configure `HOST` in the `.install-config` file:
 
     ```shell
     $ sudo vim <PEM_INSTALLATION_DIRECTORY>/share/.install-config
@@ -186,7 +186,7 @@ Restart the Apache server:
     sudo systemctl restart <SERVICE_NAME>
     ```
 
-Edit the entries at the top in `pg_hba.conf` to use the gss authentication method. Then reload the database server.
+Edit the entries at the top in `pg_hba.conf` to use the gss authentication method. Then reload the database server:
 
     ```shell
     host  pem       +pem_user    <ip_of_pem_server>/32   gss
@@ -200,11 +200,11 @@ Edit the entries at the top in `pg_hba.conf` to use the gss authentication metho
 `POSTGRES_SERVICE_NAME` is the service name of the Postgres (PostgreSQL/EDB Postgres Advanced Server) database, for example, `postgresql-13` for PostgreSQL 13 database on RHEL or Rocky Linux platforms.
 
 !!! Note
-    You can't specify the connection type as `hostgssenc`. Windows doesn't support gss encrypted connection.
+    You can't specify the connection type as `hostgssenc`. Windows doesn't support gss-encrypted connections.
 
 ## 7. Browser settings
 
-Configure the browser on the client machine to access the PEM web client to use the Spnego/Kerberos.
+Configure the browser on the client machine to access the PEM web client to use Spnego/Kerberos.
 
 For Mozilla Firefox:
 
@@ -217,7 +217,7 @@ For Mozilla Firefox:
 
 For Google Chrome on Linux or MacOS:
 
--   Add the `--auth-server-whitelist` parameter to the `google-chrome` command. For example, to run Chrome from a Linux prompt, run the `google-chrome` command as follows:
+-   Add the `--auth-server-whitelist` parameter to the `google-chrome` command. For example, to run Chrome from a Linux prompt, use this `google-chrome` command:
 
     ```ini
     google-chrome --auth-server-whitelist = "hostname/domain"
@@ -236,4 +236,4 @@ For Google Chrome on Linux or MacOS:
     `psql: GSSAPI continuation error: Unspecified GSS failure. Minor code may provide more information`
     `GSSAPI continuation error: Key version is not available`
 
-    Add encryption types to the keytab using ktutil or by recreating the Postgres keytab with all crypto systems from AD. 
+    Add encryption types to the keytab using ktutil or by re-creating the Postgres keytab with all crypto systems from AD. 

product_docs/docs/pem/10/considerations/authentication_options/index.mdx

@@ -9,7 +9,7 @@ navigation:
 
 ---
 
-PEM also supports Kerberos and 2FA authentication. For implementation instructions, see: 
+PEM supports Kerberos and two-factor authentication. For implementation instructions, see: 
 
 On Linux: