[Date Prev][Date Next]
Re: bind_simple_unprotected not implemented (ITS#2651)
On Wed, 13 Aug 2003, Kurt D. Zeilenga wrote:
> I looked at slapd.conf(5) and thought it was reasonable clear...
> but suggestions (e.g., patches) are welcomed.
What man page are you looking at? The token "simple_bind" does not appear
anywhere on the man page currently offered on the web site. In particular,
below is the current documentation for the "security" keyword which does
not appear to include any information on restricting unencrypted simple
Unfortunately, I still do not have a firm enough grasp of what is meant by
security strength factor to improve that documentation, other than adding
the availability of the simple_bind option to the list.
Specify a set of factors (separated by white space) to require.
An integer value is associated with each factor and is roughly
equivalent of the encryption key length to require. A value of
112 is equivalent to 3DES, 128 to Blowfish, etc.. The directive
may be specified globally and/or per-database. ssf=<n>
specifies the overall security strength factor. transport=<n>
specifies the transport security strength factor. tls=<n>
specifies the TLS security strength factor. sasl=<n> specifies
the SASL security strength factor. update_ssf=<n> specifies the
overall security strength factor to require for directory
updates. update_transport=<n> specifies the transport security
strength factor to require for directory updates.
update_tls=<n> specifies the TLS security strength factor to
require for directory updates. update_sasl=<n> specifies the
SASL security strength factor to require for directory updates.
Note that the transport factor is measure of security provided
by the underlying transport, e.g. ldapi:// (and eventually
IPSEC). It is not normally used.
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | email@example.com
California State Polytechnic University | Pomona CA 91768