--On Thursday, September 27, 2007 11:49 PM -0700 Howard Chu hyc@symas.com wrote:
2.15 Require Protection For Simple Bind Although this directive is redundant the to the simple_bind security factor, it is still
recommended
as it is vital to protect the authentication process. Of course the
SSF
setting allows greater control of the ciphers used. Discussion: The 'disallow bind_simple_unprotected' directive requires at least some
level
of encryption before simple password bind operations are allowed.
disallow
bind_simple_unprotected
There is no such directive in OpenLDAP. Where did this recommendation
come from?
There used to be, though. The current equivalent is:
security simple_bind=0
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration