ITS#4795 drop "disallow bind_simple_unprotected"...

author Howard Chu <hyc@openldap.org>

Sat, 30 Dec 2006 08:04:42 +0000 (08:04 +0000)

committer Howard Chu <hyc@openldap.org>

Sat, 30 Dec 2006 08:04:42 +0000 (08:04 +0000)
author Howard Chu <hyc@openldap.org>
Sat, 30 Dec 2006 08:04:42 +0000 (08:04 +0000)
committer Howard Chu <hyc@openldap.org>
Sat, 30 Dec 2006 08:04:42 +0000 (08:04 +0000)
diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf

index 3ba16e638603daeef5dd27e48763e21af6563d98..1324ee1354d4c62eeb00bb781a529d65d14b711f 100644 (file)
--- a/doc/guide/admin/security.sdf
+++ b/doc/guide/admin/security.sdf
@@ -148,10 +148,11 @@ it be used only in tightly controlled systems or when the LDAP
  session is protected by other means (e.g., TLS, {{TERM:IPsec}}).
  Where the administrator relies on TLS to protect the password, it
  is recommended that unprotected authentication be disabled.  This
-is done by setting "{{EX:disallow bind_simple_unprotected}}" in
-{{slapd.conf}}(5).  The {{EX:security}} directive's {{EX:simple_bind}}
-option provides fine grain control over the level of confidential
+is done using the {{EX:security}} directive's {{EX:simple_bind}}
+option, which provides fine grain control over the level of confidential
  protection to require for {{simple}} user/password authentication.
+E.g., using {{EX:security simple_bind=56}} would require {{simple}}
+binds to use encryption of DES equivalent or better.
  
  The user/password authenticated bind mechanism can be completely
  disabled by setting "{{EX:disallow bind_simple}}".
author	Howard Chu <hyc@openldap.org>
	Sat, 30 Dec 2006 08:04:42 +0000 (08:04 +0000)
committer	Howard Chu <hyc@openldap.org>
	Sat, 30 Dec 2006 08:04:42 +0000 (08:04 +0000)