ITS#4795 drop "disallow bind_simple_unprotected"...

author Quanah Gibson-Mount <quanah@openldap.org>

Tue, 2 Jan 2007 23:06:34 +0000 (23:06 +0000)

committer Quanah Gibson-Mount <quanah@openldap.org>

Tue, 2 Jan 2007 23:06:34 +0000 (23:06 +0000)
author Quanah Gibson-Mount <quanah@openldap.org>
Tue, 2 Jan 2007 23:06:34 +0000 (23:06 +0000)
committer Quanah Gibson-Mount <quanah@openldap.org>
Tue, 2 Jan 2007 23:06:34 +0000 (23:06 +0000)
diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf

index b180dc4a15c03011b7a8fb2f05a349707a4d022f..92a317e0d360b0e244ac3852d8d48dbfe174995a 100644 (file)
--- a/doc/guide/admin/security.sdf
+++ b/doc/guide/admin/security.sdf
@@ -147,10 +147,11 @@ it be used only in tightly controlled systems or when the LDAP
  session is protected by other means (e.g., TLS, {{TERM:IPSEC}}).
  Where the administrator relies on TLS to protect the password, it
  is recommended that unprotected authentication be disabled.  This
-is done by setting "{{EX:disallow bind_simple_unprotected}}" in
-{{slapd.conf}}(5).  The {{EX:security}} directive's {{EX:simple_bind}}
-option provides fine grain control over the level of confidential
+is done using the {{EX:security}} directive's {{EX:simple_bind}}
+option, which provides fine grain control over the level of confidential
  protection to require for {{simple}} user/password authentication.
+E.g., using {{EX:security simple_bind=56}} would require {{simple}}
+binds to use encryption of DES equivalent or better.
  
  The user/password authenticated bind mechanism can be completely
  disabled by setting "{{EX:disallow bind_simple}}".
author	Quanah Gibson-Mount <quanah@openldap.org>
	Tue, 2 Jan 2007 23:06:34 +0000 (23:06 +0000)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Tue, 2 Jan 2007 23:06:34 +0000 (23:06 +0000)