From 6f571451ef5236d6894f98c290629df706a431f2 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Sat, 30 Dec 2006 08:04:42 +0000 Subject: [PATCH] ITS#4795 drop "disallow bind_simple_unprotected"... --- doc/guide/admin/security.sdf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/guide/admin/security.sdf b/doc/guide/admin/security.sdf index 3ba16e6386..1324ee1354 100644 --- a/doc/guide/admin/security.sdf +++ b/doc/guide/admin/security.sdf @@ -148,10 +148,11 @@ it be used only in tightly controlled systems or when the LDAP session is protected by other means (e.g., TLS, {{TERM:IPsec}}). Where the administrator relies on TLS to protect the password, it is recommended that unprotected authentication be disabled. This -is done by setting "{{EX:disallow bind_simple_unprotected}}" in -{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}} -option provides fine grain control over the level of confidential +is done using the {{EX:security}} directive's {{EX:simple_bind}} +option, which provides fine grain control over the level of confidential protection to require for {{simple}} user/password authentication. +E.g., using {{EX:security simple_bind=56}} would require {{simple}} +binds to use encryption of DES equivalent or better. The user/password authenticated bind mechanism can be completely disabled by setting "{{EX:disallow bind_simple}}". -- 2.39.5