From: Kurt Zeilenga Date: Fri, 25 Mar 2005 03:48:04 +0000 (+0000) Subject: s/privacy/confidentiality/ X-Git-Tag: OPENLDAP_AC_BP~1068 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=accc49849b5c23735e9a1dec6885e43229c235f2;p=openldap s/privacy/confidentiality/ --- diff --git a/doc/guide/admin/intro.sdf b/doc/guide/admin/intro.sdf index b5afe7fe1a..3acdc2a7cd 100644 --- a/doc/guide/admin/intro.sdf +++ b/doc/guide/admin/intro.sdf @@ -132,10 +132,10 @@ be useful to you. {{How is the information protected from unauthorized access?}} Some directory services provide no protection, allowing anyone to see -the information. LDAP provides a mechanism for a client to -authenticate, or prove its identity to a directory server, paving -the way for rich access control to protect the information the -server contains. LDAP also supports privacy and integrity security +the information. LDAP provides a mechanism for a client to authenticate, +or prove its identity to a directory server, paving the way for +rich access control to protect the information the server contains. +LDAP also supports data security (integrity and confidentiality) services. @@ -172,8 +172,8 @@ servers. The stand-alone LDAP daemon, or {{slapd}}(8), can be viewed as a {{lightweight}} X.500 directory server. That is, it does not -implement the X.500's DAP. As a {{lightweight directory}} server, -{{slapd}}(8) implements only a subset of the X.500 models. +implement the X.500's DAP nor does it support the complete X.500 +models. If you are already running a X.500 DAP service and you want to continue to do so, you can probably stop reading this guide. This 
@@ -223,12 +223,14 @@ interesting features and capabilities include: {{slapd}} supports LDAP over both IPv4 and IPv6 and Unix IPC. {{B:{{TERM[expand]SASL}}}}: {{slapd}} supports strong authentication -services through the use of SASL. {{slapd}}'s SASL implementation -utilizes {{PRD:Cyrus}} {{PRD:SASL}} software which supports a number -of mechanisms including DIGEST-MD5, EXTERNAL, and GSSAPI. - -{{B:{{TERM[expand]TLS}}}}: {{slapd}} provides privacy and integrity -protections through the use of TLS (or SSL). {{slapd}}'s TLS +and data security (integrity and confidentiality) services through +the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus}} +{{PRD:SASL}} software which supports a number of mechanisms including +DIGEST-MD5, EXTERNAL, and GSSAPI. + +{{B:{{TERM[expand]TLS}}}}: {{slapd}} supports certificate-based +authentication and data security (integrity and confidentiality) +services through the use of TLS (or SSL). {{slapd}}'s TLS implementation utilizes {{PRD:OpenSSL}} software. {{B:Topology control}}: {{slapd}} can be configured to restrict diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index 46f970b97d..ba6ce2c50e 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf 
@@ -321,10 +321,10 @@ depending on whether simple password-based authentication or Kerberos authentication or {{TERM:SASL}} authentication is to be used when connecting to the slave slapd. -Simple authentication should not be used unless adequate integrity -and privacy protections are in place (e.g. TLS or IPSEC). Simple -authentication requires specification of {{EX:binddn}} and -{{EX:credentials}} parameters. +Simple authentication should not be used unless adequate data +integrity and confidentiality protections are in place (e.g. TLS +or IPSEC). Simple authentication requires specification of +{{EX:binddn}} and {{EX:credentials}} parameters. Kerberos authentication is deprecated in favor of SASL authentication mechanisms, in particular the {{EX:KERBEROS_V4}} and {{EX:GSSAPI}} @@ -516,10 +516,10 @@ depending on whether simple password-based authentication or {{TERM:SASL}} authentication is to be used when connecting to the provider slapd. -Simple authentication should not be used unless adequate integrity -and privacy protections are in place (e.g. TLS or IPSEC). Simple -authentication requires specification of {{EX:binddn}} and -{{EX:credentials}} parameters. +Simple authentication should not be used unless adequate data +integrity and confidentiality protections are in place (e.g. TLS +or IPSEC). Simple authentication requires specification of {{EX:binddn}} +and {{EX:credentials}} parameters. SASL authentication is generally recommended. SASL authentication requires specification of a mechanism using the {{EX:saslmech}} parameter.
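Review bot: in doc/guide/admin/intro.sdf at @@ -132,10, the only wording change is "privacy and integrity security services" becoming "data security (integrity and confidentiality) services", yet the three sentences before it are re-wrapped too, so a one-phrase edit shows up as four changed lines. Leave the wrapping of the untouched sentences alone so that the terminology change is what the diff shows.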
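Review bot: the @@ -172,8 hunk in intro.sdf is not part of the s/privacy/confidentiality/ substitution named in the subject. It drops the sentence "As a {{lightweight directory}} server, {{slapd}}(8) implements only a subset of the X.500 models" and folds it into "nor does it support the complete X.500 models". That is a content change and would be easier to review and revert as its own commit. If it stays, a comma before "nor" would help, and the context line just below still reads "a X.500 DAP service" where "an X.500" is meant.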
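Review bot: in the SASL paragraph of the @@ -223,12 hunk in intro.sdf, integrity and confidentiality are now credited to SASL as a whole, directly ahead of a mechanism list that includes EXTERNAL. Whether a security layer is available depends on the mechanism negotiated, and EXTERNAL provides none of its own, so the sentence should say that the data security services are mechanism-dependent. The TLS paragraph also gains "certificate-based authentication", which is new content beyond the rename in the subject and deserves a mention in the commit message.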
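Review bot: the warning in the @@ -321,10 hunk of slapdconfig.sdf covers only the protection of the simple bind on the wire ("e.g. TLS or IPSEC"), while the next sentence requires {{EX:credentials}} to be written into the configuration. Since this paragraph is being touched anyway, add a sentence saying that the file holding {{EX:binddn}} and {{EX:credentials}} needs restrictive permissions. Style point: the protocol name is conventionally written IPsec.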
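Review bot: the paragraph in the @@ -516,10 hunk of slapdconfig.sdf is word for word the one changed at @@ -321,10, but the new text is wrapped differently: the third added line ends at "specification of" in the first copy and at "specification of {{EX:binddn}}" here. Wrap both copies identically so that later edits to the two produce matching diffs, or keep the shared warning in one place that both directive descriptions refer to.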