
Re: bind_simple_unprotected not implemented (ITS#2651)



On Wed, 13 Aug 2003, Kurt D. Zeilenga wrote:

> I looked at slapd.conf(5) and thought it was reasonably clear...
> but suggestions (e.g., patches) are welcomed.

What man page are you looking at? The token "simple_bind" does not appear
anywhere on the man page currently offered on the web site. In particular,
below is the current documentation for the "security" keyword which does
not appear to include any information on restricting unencrypted simple
binds.

Unfortunately, I still do not have a firm enough grasp of what is meant by
security strength factor to improve that documentation, other than adding
the availability of the simple_bind option to the list.

Thanks...



security <factors>
              Specify a set of factors (separated by white space) to require.
              An integer value is associated with each factor and is roughly
              equivalent of the encryption key length to require. A value of
              112 is equivalent to 3DES, 128 to Blowfish, etc.. The directive
              may be specified globally and/or per-database. ssf=<n>
              specifies the overall security strength factor. transport=<n>
              specifies the transport security strength factor. tls=<n>
              specifies the TLS security strength factor. sasl=<n> specifies
              the SASL security strength factor. update_ssf=<n> specifies the
              overall security strength factor to require for directory
              updates. update_transport=<n> specifies the transport security
              strength factor to require for directory updates.
              update_tls=<n> specifies the TLS security strength factor to
              require for directory updates. update_sasl=<n> specifies the
              SASL security strength factor to require for directory updates.
              Note that the transport factor is measure of security provided
              by the underlying transport, e.g. ldapi:// (and eventually
              IPSEC). It is not normally used.


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768
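
Added example, not part of the original message and not slapd's own code: a small audit script that finds each `security` directive in a slapd.conf, records whether it is global or per-database, and reports whether it names a non-zero `simple_bind` factor. It assumes `simple_bind=<n>` uses the same `name=<n>` form as the factors quoted above and that comment and continuation lines follow the usual slapd.conf conventions; the sample configuration is constructed, and other factors such as `ssf=` are parsed but not interpreted.

```python
# Factor names quoted from the man page excerpt, plus simple_bind, which the
# message says is missing from that list (its syntax is assumed here).
KNOWN = {"ssf", "transport", "tls", "sasl", "update_ssf", "update_transport",
         "update_tls", "update_sasl", "simple_bind"}

def logical_lines(text):
    """Drop blank/comment lines; join lines that start with whitespace."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((n, raw.strip()))
    return out

def parse_factors(tokens):
    """Turn ['tls=128', ...] into {'tls': 128, ...}, rejecting unknown names."""
    factors = {}
    for tok in tokens:
        name, sep, value = tok.partition("=")
        if not sep or name not in KNOWN or not value.isdigit():
            raise ValueError(f"unrecognized security factor: {tok!r}")
        factors[name] = int(value)
    return factors

def audit(text):
    """Return one (scope, lineno, factors) tuple per security directive."""
    scope, found = "global", []
    for n, line in logical_lines(text):
        words = line.split()
        if words[0].lower() == "database":
            scope = "database " + " ".join(words[1:2])
        elif words[0].lower() == "security":
            found.append((scope, n, parse_factors(words[1:])))
    return found

def names_simple_bind(factors):
    """True when the directive sets a non-zero simple_bind factor."""
    return factors.get("simple_bind", 0) > 0

# Constructed sample configuration, not taken from the thread.
SAMPLE = ('# constructed sample\nsecurity ssf=1 update_ssf=112\n\n'
          'database bdb\nsuffix "dc=example,dc=com"\n'
          'security tls=128\n  simple_bind=128\n')

if __name__ == "__main__":
    for scope, lineno, factors in audit(SAMPLE):
        print(scope, lineno, factors, names_simple_bind(factors))
```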