Clarify unprotected simple bind settings

author Kurt Zeilenga <kurt@openldap.org>

Tue, 8 Oct 2002 01:07:12 +0000 (01:07 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Tue, 8 Oct 2002 01:07:12 +0000 (01:07 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Tue, 8 Oct 2002 01:07:12 +0000 (01:07 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Tue, 8 Oct 2002 01:07:12 +0000 (01:07 +0000)
diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf

index e4848a6a1def9acbe73108cff388c26764df8010..a3cf12caf9f313859bc5190473791a7f5695acd5 100644 (file)
--- a/doc/guide/admin/security.sdf
+++ b/doc/guide/admin/security.sdf
@@ -146,6 +146,11 @@ is protected by other means (e.g., TLS, {{TERM:IPSEC}}).  Where the
  administrator relies on TLS to protect the password, it is recommended
  that unprotected authentication be disabled.  This is done by setting
  "{{EX:disallow bind_simple_unprotected}}" in {{slapd.conf}}(5).
+The level of confidential protection to require can be adjusted
+using the {{overall}} security strength factor using the {EX:security}}
+directive.  If this factor is not set (or set to integrity only),
+any confidentiality protection is sufficient.
+
  The user/password authenticated bind mechanism can be completely
  disabled by setting "{{EX:disallow bind_simple}}".
author	Kurt Zeilenga <kurt@openldap.org>
	Tue, 8 Oct 2002 01:07:12 +0000 (01:07 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Tue, 8 Oct 2002 01:07:12 +0000 (01:07 +0000)