clarify "by anonymous auth" semantics

diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index b2b26fbf99fda2b855ce41b1b91ea918e595e1cb..1b38b5fd402083c7d2c5e0869ebcca3535b332cb 100644 (file)
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -771,11 +771,12 @@ This access directive grants read access to everyone.
 >              by anonymous auth
 >              by * read
 
-This directive allows users to modify their own entries, allows
-authenticate, and allows all others to read.  Note that only the
-first {{EX:by <who>}} clause which matches applies.  Hence, the
-anonymous users are granted {{EX:auth}}, not {{EX:read}}.  The last
-clause could just as well have been "{{EX:by users read}}".
+This directive allows the user to modify their entry, allows anonymous
+to authentication against these entries, and allows all others to
+read these entries.  Note that only the first {{EX:by <who>}} clause
+which matches applies.  Hence, the anonymous users are granted
+{{EX:auth}}, not {{EX:read}}.  The last clause could just as well
+have been "{{EX:by users read}}".
 
 It is often desirable to restrict operations based upon the level
 of protection in place.  The following shows how security strength
@@ -788,10 +789,12 @@ factors (SSF) can be used.
 
 This directive allows users to modify their own entries if security
 protections have of strength 128 or better have been established,
-allows simple authentication and read access when 64 or better
-security protections have been established.
+allows authentication access to anonymous users, and read access
+when 64 or better security protections have been established.  If
+client has not establish sufficient security protections, the
+implicit {{EX:by * none}} clause would be applied.
 
-The following example shows the use of a regular expression
+The following example shows the use of a style specifiers
 to select the entries by DN in two access directives where
 ordering is significant.