X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/19545d256d58a1ea71d127f2eb25443dcbd3db64..a79a27e215ce709455d1f5354b4ae5d045ed32dd:/doc/install/install-shell-server.html.textile.liquid

diff --git a/doc/install/install-shell-server.html.textile.liquid b/doc/install/install-shell-server.html.textile.liquid
index f57d0690c5..5ac5e9e6b8 100644
--- a/doc/install/install-shell-server.html.textile.liquid
+++ b/doc/install/install-shell-server.html.textile.liquid
@@ -65,11 +65,11 @@ zzzzz-2x53u-zzzzzzzzzzzzzzz</code>
 
 h2(#scoped-token). Create scoped token
 
-As an admin arvados user (such as the system root user), create a token that is restricted to only reading login information for this VM.
+As an Arvados admin user (such as the system root user), create a "scoped token":{{site.baseurl}}/admin/scoped-tokens.html that is permits only reading login information for this VM.  Setting a scope on the token means that even though a user with root access on the shell node can access the token, the token is not usable for admin actions on Arvados.
 
 <notextile>
 <pre>
-<code>apiserver:~$ <span class="userinput">arv api_client_authorization create --api-client-authorization '{"scopes":["GET /arvados/v1/virtual_machines/<b>zzzzz-2x53u-zzzzzzzzzzzzzzz</b>/logins"]}'
+<code>apiserver:~$ <span class="userinput">arv api_client_authorization create --api-client-authorization '{"scopes":["GET /arvados/v1/virtual_machines/<b>zzzzz-2x53u-zzzzzzzzzzzzzzz</b>/logins"]}'</span>
 {
  ...
  "api_token":"zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz",