From f4dd34d24c22926b76da6f6e1d9f4c471ec2b2da Mon Sep 17 00:00:00 2001
From: rhaggard <rhaggard@localhost>
Date: Fri, 01 Feb 2008 17:30:23 +0000
Subject: [PATCH] committing configuration XML files after adding info from the old config guide to be incorporated in the new generated config reference

---
 opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml |   26 ++++++++++++++++++++------
 1 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
index 9392b4f..f0ee0a6 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
@@ -31,10 +31,22 @@
   xmlns:adm="http://www.opends.org/admin"
   xmlns:ldap="http://www.opends.org/admin-ldap">
   <adm:synopsis>
-    The
-    <adm:user-friendly-name />
-    is used to perform all processing related to SASL CRAM-MD5
-    authentication.
+    The CRAM-MD5 SASL mechanism provides the ability for clients to 
+    perform password-based authentication in a manner that does not 
+    expose their password in the clear. Rather than including the 
+    password in the bind request, the CRAM-MD5 mechanism uses a 
+    two-step process in which the client needs only to prove that it 
+    knows the password. The server sends randomly-generated data to 
+    the client that is to be used in the process, which makes it 
+    resistant to replay attacks. The one-way message digest 
+    algorithm ensures that the original clear-text password is not 
+    exposed.  Note that the algorithm used by the CRAM-MD5 mechanism 
+    requires that both the client and the server have access to the 
+    clear-text password (or potentially a value that is derived from 
+    the clear-text password). In order to authenticate to the server 
+    using CRAM-MD5, the password for a user's account must be encoded 
+    using a reversible password storage scheme that allows the server 
+    to have access to the clear-text value. 
   </adm:synopsis>
   <adm:profile name="ldap">
     <ldap:object-class>
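Review bot: The added synopsis states the reversible-storage requirement in its last sentence but not what that requirement costs, so an administrator reading the generated reference sees mostly the mechanism's benefits. I would close the paragraph with a sentence such as `Because the stored passwords are recoverable, a compromise of the server's user data may expose them, so enable this handler only where that risk is acceptable.` The CRAM-MD5 exchange also does not authenticate the server or protect the rest of the connection, and a captured challenge/response pair can be tested against password guesses offline, so a recommendation to use it only over a TLS-protected connection belongs here too. Separately, the added lines carry trailing spaces, and the synopsis no longer uses `<adm:user-friendly-name />`, which the removed text relied on to name the handler.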
@@ -53,8 +65,10 @@
   </adm:property-override>
   <adm:property name="identity-mapper" mandatory="true">
     <adm:synopsis>
-      Specifies the name of the identity mapper that should be used to
-      match the client authentication ID to a user entry.
+      Specifies the name of the identity mapper that is to be used
+      with this SASL mechanism handler to match the authentication 
+      ID included in the SASL bind request to the corresponding 
+      user in the directory.
     </adm:synopsis>
     <adm:syntax>
       <adm:aggregation relation-name="identity-mapper"

--
Gitblit v1.10.0