From: Quanah Gibson-Mount Date: Tue, 2 Jan 2007 23:06:34 +0000 (+0000) Subject: ITS#4795 drop "disallow bind_simple_unprotected"... X-Git-Tag: OPENLDAP_REL_ENG_2_3_32~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eab901ae35313f9f3ceb15a45fa8c0680f92f0b1;p=thirdparty%2Fopenldap.git ITS#4795 drop "disallow bind_simple_unprotected"... --- diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf index b180dc4a15..92a317e0d3 100644 --- a/doc/guide/admin/security.sdf +++ b/doc/guide/admin/security.sdf @@ -147,10 +147,11 @@ it be used only in tightly controlled systems or when the LDAP session is protected by other means (e.g., TLS, {{TERM:IPSEC}}). Where the administrator relies on TLS to protect the password, it is recommended that unprotected authentication be disabled. This -is done by setting "{{EX:disallow bind_simple_unprotected}}" in -{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}} -option provides fine grain control over the level of confidential +is done using the {{EX:security}} directive's {{EX:simple_bind}} +option, which provides fine grain control over the level of confidential protection to require for {{simple}} user/password authentication. +E.g., using {{EX:security simple_bind=56}} would require {{simple}} +binds to use encryption of DES equivalent or better. The user/password authenticated bind mechanism can be completely disabled by setting "{{EX:disallow bind_simple}}".
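Review bot: The rewritten sentence in the security.sdf hunk no longer tells the reader where the directive is configured. The removed lines pointed to {{slapd.conf}}(5), and the added lines ("This is done using the {{EX:security}} directive's {{EX:simple_bind}} option, which provides ...") drop that reference, so I would keep it, for example "... option in {{slapd.conf}}(5), which provides ...". The added example {{EX:security simple_bind=56}} also gives a bare number without saying what it measures. The reader has to infer from "DES equivalent or better" that it is a strength level, so a short clause naming the unit would help. Since the example value is only DES-equivalent, the text should say that 56 is illustrative and that administrators relying on TLS to protect the password will normally want a higher value. Minor style points in the same lines: "fine grain" reads better as "fine-grained", and "E.g.," is awkward at the start of a sentence ("For example," fits the surrounding prose).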