[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Require SSL transport?
> This says "require 128 bits of encryption." This encryption can be
> provided by any layer (SASL, TLS, or transport). If the protection
> is not present, only operations commands which can be used to initiate
> such protections (e.g Start TLS) are allowed.
OK, so if I specify
security tls=128
then I am guaranteed to get at least 128 bits of encryption for ALL access,
via
TLS, or am I mistaken? Or would this require 128 bits no more no less?
If that's the case, is there a >= function?
> You can use ACLs to restrict simple authentication, for example:
> access to attrs=userPassword
> by ssf=112 auth
> by ssf=128 self write
> by * none
I see! So it's a literal equals... This explains a lot.
> >access to *
> > by ssf=0 none
>
> That's equivalent to saying
> access to * by * none
OK, I was misunderstanding what is meant by ssf. It is now clear.
Thanks for your help.