diff --git a/docs/auth.html.in b/docs/auth.html.in
index 929afd0884..1bd02f2bd6 100644
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -253,13 +253,15 @@ Plugin "gssapiv2" [loaded],     API version: 4
         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
 </pre>
     <p>
-Next it is necessary for the administrator of the Kerberos realm to issue a principle
-for the libvirt server. There needs to be one principle per host running the libvirt
-daemon. The principle should be named <code>libvirt/full.hostname@KERBEROS.REALM</code>.
-This is typically done by running the <code>kadmin.local</code> command on the Kerberos
-server, though some Kerberos servers have alternate ways of setting up service principles.
-Once created, the principle should be exported to a keytab, copied to the host running
-the libvirt daemon and placed in <code>/etc/libvirt/krb5.tab</code>
+Next it is necessary for the administrator of the Kerberos realm to
+issue a principal for the libvirt server. There needs to be one
+principal per host running the libvirt daemon. The principal should be
+named <code>libvirt/full.hostname@KERBEROS.REALM</code>.  This is
+typically done by running the <code>kadmin.local</code> command on the
+Kerberos server, though some Kerberos servers have alternate ways of
+setting up service principals.  Once created, the principal should be
+exported to a keytab, copied to the host running the libvirt daemon
+and placed in <code>/etc/libvirt/krb5.tab</code>
 </p>
     <pre>
 # kadmin.local
@@ -281,7 +283,7 @@ kadmin.local: quit
 </pre>
     <p>
 Any client application wishing to connect to a Kerberos enabled libvirt server
-merely needs to run <code>kinit</code> to gain a user principle. This may well
+merely needs to run <code>kinit</code> to gain a user principal. This may well
 be done automatically when a user logs into a desktop session, if PAM is setup
 to authenticate against Kerberos.
 </p>