Merge pull request kubernetes#1303 from MikeSpreitzer/updoc1

devin-donnelly · web-flow · commit 99e12c694a33 · 2016-10-10T15:39:58.000-07:00
Clarified remark about authorizers determining groups
diff --git a/docs/admin/accessing-the-api.md b/docs/admin/accessing-the-api.md
@@ -52,8 +52,8 @@ On GCE, Client Certificates, Password, Plain Tokens, and JWT Tokens are all enab
 If the request cannot be authenticated, it is rejected with HTTP status code 401.
 Otherwise, the user is authenticated as a specific `username`, and the user name
 is available to subsequent steps to use in their decisions.  Some authenticators
-may also provide the group memberships of the user, while other authenticators
-do not (and expect the authorizer to determine these).
+also provide the group memberships of the user, while other authenticators
+do not.
 
 While Kubernetes uses "usernames" for access control decisions and in request logging,
 it does not have a `user` object nor does it store usernames or other information about
