Second round of MW feedback

mcmorisi · mcmorisi · commit 0b1fa78c72bf · 2025-01-17T10:47:44.000-05:00
diff --git a/source/security/auth-mechanisms/aws-iam.txt b/source/security/auth-mechanisms/aws-iam.txt
@@ -45,7 +45,7 @@ AWS authentication process:
    The client and server use different usernames. The client uses the AWS access key ID,
    but the server uses the ARN of the IAM user or role corresponding to the access key ID.
 
-AWS credentials are include the following components:
+AWS credentials include the following components:
 
 - Access key ID
 - Secret access key
@@ -65,12 +65,12 @@ uses all three components.
 
 Temporary credentials are used with:
 
-- STS `Assume Role <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-api.html>`_
+- STS `Assume Role <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-api.html>`__
   requests.
-- `EC2 instance roles <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html>`_.
-- `ECS task roles <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html>`_.
-- `AWS Lambda environment <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html>`_.
-- `IAM roles for service accounts <https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html>`_.
+- `EC2 instance roles <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html>`__.
+- `ECS task roles <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html>`__.
+- `AWS Lambda environment <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html>`__.
+- `IAM roles for service accounts <https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html>`__.
 
 Code Placeholders
 ~~~~~~~~~~~~~~~~~
@@ -119,7 +119,7 @@ see the corresponding syntax:
 
 .. note::
 
-  If you provide credentiasl in a URI, you must percent-encode them.
+  If you provide credentials in a URI, you must percent-encode them.
 
 Providing Temporary Credentials
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -211,21 +211,21 @@ the specified order:
 
 .. important::
 
-  A credentials source must provide a complete
-  set of credentials. For example, if your application uses the ``AWS_ACCESS_KEY_ID``
-  and ``AWS_SECRET_ACCESS_KEY`` environment variables, the driver raises an error if only
-  one of these variables has a value.
+   A credentials source must provide a complete
+   set of credentials. For example, if your application uses the ``AWS_ACCESS_KEY_ID``
+   and ``AWS_SECRET_ACCESS_KEY`` environment variables, the driver raises an error if only
+   one of these variables has a value.
 
 .. note::
 
-  If an application runs in an ECS container on an EC2 instance and
-  the container is allowed access to the instance metadata,
-  the driver attempts to retrieve AWS credentials from the EC2 instance metadata endpoint.
-  If the driver retrieves credentials in this way, your application can authenticate as the IAM
-  role assigned to the EC2 instance.
+   If an application runs in an ECS container on an EC2 instance and
+   the container is allowed access to the instance metadata,
+   the driver attempts to retrieve AWS credentials from the EC2 instance metadata endpoint.
+   If the driver retrieves credentials in this way, your application can authenticate as the IAM
+   role assigned to the EC2 instance.
 
-  To learn how to prevent containers from accessing EC2 instance metadata,
-  see the `AWS documentation <https://aws.amazon.com/premiumsupport/knowledge-center/ecs-container-ec2-metadata>`__.
+   To learn how to prevent containers from accessing EC2 instance metadata,
+   see the `AWS documentation <https://aws.amazon.com/premiumsupport/knowledge-center/ecs-container-ec2-metadata>`__.
 
 API Documentation
 -----------------
diff --git a/source/security/auth-mechanisms/kerberos.txt b/source/security/auth-mechanisms/kerberos.txt
@@ -42,49 +42,63 @@ To use the code examples on this page, replace these placeholders with your own
 Using GSSAPI Authentication in Your Application
 -----------------------------------------------
 
-To configure the MongoDB server to use Kerberos, see the
-:manual:`server Kerberos documentation
+To configure {+mdb-server+} to use Kerberos, see the
+:manual:`{+mdb-server+} Kerberos documentation
 </tutorial/control-access-to-mongodb-with-kerberos-authentication/>`.
 
-To use the Kerberos authentication mechanism with the Ruby MongoDB driver,
+To use the Kerberos authentication mechanism with the {+driver-short+},
 you must install and load the `mongo_kerberos <https://rubygems.org/gems/mongo_kerberos>`__
 library. To do so, add the following lines to your ``Gemfile``:
 
 .. code-block:: ruby
 
-  gem 'mongo', '~> 2'
-  gem 'mongo_kerberos', '~> 2'
+   gem 'mongo', '~> 2'
+   gem 'mongo_kerberos', '~> 2'
 
 Then, add the following lines to your application code:
 
 .. code-block:: ruby
 
-  require 'mongo'
-  require 'mongo_kerberos'
-
-If using Kerberos authentication with **MRI**, you must establish a Kerberos
-session to the driver. This session is used by the driver to prove the user's identity to
-the server. You must ensure that the host system is
-configured for Kerberos authentication. To learn more about configuring the host system
-to use Kerberos, see the `Kerberos documentation
-<https://web.mit.edu/kerberos/krb5-latest/doc/admin/install_clients.html>`__
-or your operating system documentation for details. Use the `kinit utility
-<https://web.mit.edu/kerberos/krb5-latest/doc/user/user_commands/kinit.html>`__
+   require 'mongo'
+   require 'mongo_kerberos'
+
+.. note::
+
+   When using Kerberos authentication, you must specify the fully qualified domain name
+   (FQDN) of the host.
+
+The following sections describe how to use Kerberos authentication with Ruby MRI and
+JRuby.
+
+Using Kerberos Authentication with Ruby MRI
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you're using Kerberos authentication with **Ruby MRI**, you must perform the following
+steps:
+
+- Establish a Kerberos session on the driver. The driver uses this session to prove the user's identity to
+  the server. 
+  
+- You must ensure that the host system is
+  configured for Kerberos authentication. To learn more about configuring the host system
+  to use Kerberos, see the `Kerberos documentation <https://web.mit.edu/kerberos/krb5-latest/doc/admin/install_clients.html>`__
+  or your operating system documentation for details.
+
+Use the `kinit utility <https://web.mit.edu/kerberos/krb5-latest/doc/user/user_commands/kinit.html>`__
 to establish a Kerberos session.
 
-If using Kerberos authentication with **JRuby**, you can externally establish the Kerberos
-session to the driver using the process described above for MRI. Alternatively, you can directly
-provide the password to the driver by using client configuration. You can also provide the
+Using Kerberos Authentication with JRuby
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you're using Kerberos authentication with **JRuby**, you can externally establish the Kerberos
+session to the driver by using the process described above for MRI. You can also provide the
 path to a keytab file by storing the configuration in the ``java.security.auth.login.config`` system property.
-If using JRuby, you must configure the Java Runtime Environment to use Kerberos. To learn more, see the 
-`MongoDB Java Driver Kerberos documentation
-<https://mongodb.github.io/mongo-java-driver/4.0/driver/tutorials/authentication/#gssapi>`_
+You must also configure the Java Runtime Environment to use Kerberos. To learn more, see the 
+:driver:`MongoDB Java Driver Kerberos documentation </java/sync/current/fundamentals/enterprise-auth/#kerberos--gssapi->`
 for more information.
 
-.. note::
-
-  Per the server Kerberos documentation, you must specify the FQDN of the host
-  running MongoDB when using Kerberos authentication.
+Kerberos Authentication Example
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Select the :guilabel:`Connection String` or :guilabel:`Client Options` tab to
 see the corresponding syntax for connecting to MongoDB with Kerberos authentication:
@@ -111,8 +125,8 @@ see the corresponding syntax for connecting to MongoDB with Kerberos authenticat
 
 .. note::
 
-  If you use a connection string to connect to MongoDB, ensure that you to percent-encode any
-  special characters that appear in the username.
+   If you use a connection string to connect to MongoDB, ensure that you percent-encode any
+   special characters that appear in the username.
 
 API Documentation
 -----------------
