From bd02d32b9492eb99151e335feffe1e3947c1fdef Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Mon, 06 Feb 2012 16:19:02 +0000
Subject: [PATCH] OPENDJ-416: (patch) Clarify authmethod=ssl and also give example for ssf in ssf section
---
opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml
index 07b8d11..2492512 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml
@@ -334,8 +334,9 @@
<term><literal>authmethod != "none|simple|ssl|sasl <replaceable>mech</replaceable>"</literal></term>
<listitem>
<para>Here you use <literal>none</literal> to mean do not check,
- <literal>simple</literal> for simple authentication, <literal>ssl</literal>
- for LDAPS, <literal>sasl <replaceable>mech</replaceable></literal> for
+ <literal>simple</literal> for simple authentication,
+ <literal>ssl</literal> for certificate-based authentication over LDAPS,
+ <literal>sasl <replaceable>mech</replaceable></literal> for
SASL where <replaceable>mech</replaceable> is DIGEST-MD5, EXTERNAL, or
GSSAPI.</para>
</listitem>
@@ -388,7 +389,9 @@
<term><literal>ssf <= "<replaceable>strength</replaceable>"</literal></term>
<listitem>
<para>Here the security strength factor pertains to the cipher key
- strength for connections using DIGEST-MD5, GSSAPI, SSL, or TLS.</para>
+ strength for connections using DIGEST-MD5, GSSAPI, SSL, or TLS. For
+ example, to require that the connection must have at least 128 bits
+ of encryption, specify <literal>ssf >= 128</literal>.</para>
</listitem>
</varlistentry>
<varlistentry>
--
Gitblit v1.10.0