On Wed, Jul 30, 2008 at 1:35 PM, Hallvard B Furuseth <h.b.furuseth@usit.uio.no> wrote:
Patrick Patterson writes:
>On Wed, Jul 30, 2008 at 9:59 AM, J Davis <mrsalty0@gmail.com> wrote:

Pet peeve: While it doesn't help your problem, you should in addition to
this:

>>     access to *
>>         by tls_ssf=128 ssf=128 anonymous auth
>>         by tls_ssf=128 ssf=128 self write

use something like 'security simple_bind=128 update_ssf=128'.  This
gives the result code confidentialityRequired instead of
invalidCredentials when the ssf is insufficient.  Thus users who did not
use TLS don't get the impression that they just sent the wrong password
- and maybe then send the unprotected password again

Well, that certainly is an improvement.

-Jake