From 952ce880317825f16c256fb716167eb7fddeda49 Mon Sep 17 00:00:00 2001
From: rhaggard <rhaggard@localhost>
Date: Wed, 06 Feb 2008 18:09:50 +0000
Subject: [PATCH] Commiting configuration XML files after adding info from the old config guide to be incorporated in the new generated config reference

---
 opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml |   29 +++++++++++++++++++++++------
 1 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
index 9392b4f..278cb5f 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
@@ -31,11 +31,26 @@
   xmlns:adm="http://www.opends.org/admin"
   xmlns:ldap="http://www.opends.org/admin-ldap">
   <adm:synopsis>
-    The
-    <adm:user-friendly-name />
-    is used to perform all processing related to SASL CRAM-MD5
-    authentication.
+    The CRAM-MD5 SASL mechanism provides the ability for clients to 
+    perform password-based authentication in a manner that does not 
+    expose their password in the clear. 
   </adm:synopsis>
+  <adm:description>
+    Rather than including the 
+    password in the bind request, the CRAM-MD5 mechanism uses a 
+    two-step process in which the client needs only to prove that it 
+    knows the password. The server sends randomly-generated data to 
+    the client that is to be used in the process, which makes it 
+    resistant to replay attacks. The one-way message digest 
+    algorithm ensures that the original clear-text password is not 
+    exposed.  Note that the algorithm used by the CRAM-MD5 mechanism 
+    requires that both the client and the server have access to the 
+    clear-text password (or potentially a value that is derived from 
+    the clear-text password). In order to authenticate to the server 
+    using CRAM-MD5, the password for a user's account must be encoded 
+    using a reversible password storage scheme that allows the server 
+    to have access to the clear-text value. 
+  </adm:description>
   <adm:profile name="ldap">
     <ldap:object-class>
       <ldap:name>ds-cfg-cram-md5-sasl-mechanism-handler</ldap:name>
@@ -53,8 +68,10 @@
   </adm:property-override>
   <adm:property name="identity-mapper" mandatory="true">
     <adm:synopsis>
-      Specifies the name of the identity mapper that should be used to
-      match the client authentication ID to a user entry.
+      Specifies the name of the identity mapper used
+      with this SASL mechanism handler to match the authentication 
+      ID included in the SASL bind request to the corresponding 
+      user in the directory.
     </adm:synopsis>
     <adm:syntax>
       <adm:aggregation relation-name="identity-mapper"

--
Gitblit v1.10.0