The disadvantage of hashed storage is that it prevents the use of some
authentication mechanisms such as {{EX:DIGEST-MD5}}.
-H3: CLEARTEXT password storage scheme
+H3: SSHA password storage scheme
-Cleartext passwords can be stored directly in the {{userPassword}}
-attribute, or can have the '{CLEARTEXT}' prefix. These two values are
-equivalent:
+This is the salted version of the SHA scheme. It is believed to be the
+most secure password storage scheme supported by {{slapd}}.
-> userPassword: secret
-> userPassword: {CLEARTEXT}secret
+These values represent the same password:
+
+> userPassword: {SSHA}DkMTwBl+a/3DQTxCYEApdUtNXGgdUac3
+> userPassword: {SSHA}d0Q0626PSH9VUld7yWpR0k6BlpQmtczb
H3: CRYPT password storage scheme
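Review bot: The removed CLEARTEXT section was the only text in these lines saying that a bare "userPassword: secret" value is equivalent to "{CLEARTEXT}secret", and nothing in the added lines replaces it. Consider keeping one sentence stating that an unprefixed value is stored in the clear, so an administrator who finds such an entry knows what it is. In the added SSHA text, "These values represent the same password" would also be easier to follow if it said the two values differ because each was generated with a different salt.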
to know the cleartext form. Both forms of {{crypt}} include salt so
they have some resistance to dictionary attacks.
-
Note: Since this scheme uses the operation system's {{crypt(3)}} hash function,
it is therefore operation system specific.
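Review bot: Dropping the blank line before "Note:" leaves the note directly under the previous paragraph's last line, so please confirm it still renders as a separate note rather than running into the CRYPT paragraph. Since this hunk already touches the spot, the note's wording could be fixed in the same change: "operation system" should read "operating system" in both places, and "Since ... it is therefore" is redundant.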
> userPassword: {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
-H3: SSHA password storage scheme
-
-This is the salted version of the SHA scheme. It is believed to be the
-most secure password storage scheme supported by {{slapd}}.
-
-These values represent the same password:
-
-> userPassword: {SSHA}DkMTwBl+a/3DQTxCYEApdUtNXGgdUac3
-> userPassword: {SSHA}d0Q0626PSH9VUld7yWpR0k6BlpQmtczb
-
H3: SASL password storage scheme
This is not really a password storage scheme at all. It uses the
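Review bot: With the SSHA section removed from its place after SHA and moved ahead of CRYPT, its opening sentence "This is the salted version of the SHA scheme" now refers to a scheme the reader has not yet met. Consider adding a forward reference to the SHA section there, and a sentence in the SHA section pointing back to SSHA as the salted alternative, since SHA is now followed directly by SASL with no mention of it.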