update AuthNegotiateDelegateByKdcPolicy description

Bug: b/162972077
Change-Id: I6b206a78bd5efe3eecb74767ec86e069914ce815
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2340973Reviewed-by: Drew Wilson <atwilson@chromium.org>
Commit-Queue: Roman Sorokin [CET] <rsorokin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#799181}

components/policy/resources/policy_templates.json

@@ -4241,7 +4241,7 @@
       'id': 528,
       'caption': '''Use KDC policy to delegate credentials.''',
       'tags': ['website-sharing'],
-      'desc': '''Setting the policy to Enabled means HTTP authentication respects approval by KDC policy. In other words, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> delegates credentials if the KDC sets <ph name="OK_AS_DELEGATE">OK-AS-DELEGATE</ph> on a service ticket. See RFC 5896 ( https://tools.ietf.org/html/rfc5896.html ). Service should match <ph name="AUTH_NEGOTIATE_DELEGATE_ALLOWLIST_POLICY_NAME">AuthNegotiateDelegateAllowlist</ph>.
+      'desc': '''Setting the policy to Enabled means HTTP authentication respects approval by KDC policy. In other words, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> delegates user credentials to the service being accessed if the KDC sets <ph name="OK_AS_DELEGATE">OK-AS-DELEGATE</ph> on the service ticket. See RFC 5896 ( https://tools.ietf.org/html/rfc5896.html ). The service should also be allowed by <ph name="AUTH_NEGOTIATE_DELEGATE_ALLOWLIST_POLICY_NAME">AuthNegotiateDelegateAllowlist</ph>.
 
       Setting the policy to Disabled or leaving it unset means KDC policy is ignored on supported platforms and only <ph name="AUTH_NEGOTIATE_DELEGATE_ALLOWLIST_POLICY_NAME">AuthNegotiateDelegateAllowlist</ph> is respected.