authorJosh <josh.t.richards@gmail.com>2025-07-25 17:50:28 -0400
committerGitHub <noreply@github.com>2025-07-25 17:50:28 -0400
commit7a12d5d02c12ef4da1271496c3718a075350f71c (patch)
tree9d6c6aae6f8524f7d3d717c5d3427910d268e148
parent0797fd8af8605ed79b2e0d72f67fb24795620e9d (diff)
fix(auth): Correct max password length in config.sample.php jtr-auth-pw-max-length-config-sample
Signed-off-by: Josh <josh.t.richards@gmail.com>
-rw-r--r--config/config.sample.php21
1 files changed, 10 insertions, 11 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 4494cd8c481..a16442bf6f6 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -474,21 +474,20 @@ $CONFIG = [
'auth.webauthn.enabled' => true,
/**
- * Whether encrypted passwords should be stored in the database
+ * By default, the passwords are stored (encrypted) in the database, but this can be
+ * explicitly disabled by admins with special requirements (with various caveats).
*
- * The passwords are only decrypted using the login token stored uniquely in the
- * clients and allow connecting to external storages, autoconfiguring mail accounts in
- * the mail app, and periodically checking if the password is still valid.
+ * The passwords are only decrypted using the login token stored uniquely in each
+ * client. The passwords allow connecting to external storages, autoconfiguring mail
+ * accounts in the mail app, and periodically checking if the password is still valid.
*
- * This might be desirable to disable this functionality when using one-time
- * passwords or when having a password policy enforcing long passwords (> 300
- * characters).
- *
- * By default, the passwords are stored encrypted in the database.
+ * It may be desirable to disable this functionality when using one-time passwords
+ * or when enforcing extremely long passwords (>469 bytes aka:
+ * `IUserManager::MAX_PASSWORD_LENGTH`).
*
* WARNING: If disabled, password changes on the user backend (e.g., on LDAP) no
- * longer log connected clients out automatically. Users can still disconnect
- * the clients by deleting the app token from the security settings.
+ * longer will log clients out automatically. Users can still disconnect a client by
+ * manually deleting the app token from the security settings.
*/
'auth.storeCryptedPassword' => true,
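Review bot: The limit in the third paragraph of the new comment is written as a literal (`>469 bytes aka:`), so the sample will go stale without notice if `IUserManager::MAX_PASSWORD_LENGTH` changes, and "aka:" reads as though the number and the constant were two names for the same thing rather than a constant and its current value. I would lead with the constant and give the number as its present value, e.g. `* or when enforcing passwords longer than IUserManager::MAX_PASSWORD_LENGTH` followed by `* (currently 469 bytes).` Because the unit is bytes, it is worth one more clause saying that passwords with multi-byte characters reach the limit in fewer than 469 characters. The WARNING paragraph could also state outright that, with this option disabled, existing app tokens remain usable after a password change on the backend, so an admin rotating a password after a suspected compromise has to revoke the tokens by hand.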