
RE: Require SSL transport?



> This says "require 128 bits of encryption."  This encryption can be
> provided by any layer (SASL, TLS, or transport).  If the protection
> is not present, only operations commands which can be used to initiate
> such protections (e.g. Start TLS) are allowed.

OK, so if I specify 

security tls=128

then I am guaranteed to get at least 128 bits of encryption for ALL access,
via TLS, or am I mistaken? Or would this require 128 bits no more no less?
If that's the case, is there a >= function?

> You can use ACLs to restrict simple authentication, for example:
>         access to attrs=userPassword
>                 by ssf=112 auth
>                 by ssf=128 self write
>                 by * none

I see! So it's a literal equals... This explains a lot.



> >access to *
> >        by ssf=0 none
> 
> That's equivalent to saying
>   access to * by * none

OK, I was misunderstanding what is meant by ssf. It is now clear.

Thanks for your help.
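
The SSF matching discussed in this thread, as an added example that is not part of the original message or of OpenLDAP: a small Python model of how a `by` clause is selected for the ACLs quoted above. It assumes, per slapd.access(5), that `ssf=<n>` is a minimum, that the fields of one `<who>` are ANDed, and that the first matching clause wins; `parse_acl`, `evaluate` and `outcomes` are hypothetical names and the session SSF values are constructed.

```python
# Added illustration, not OpenLDAP code: a small model of how slapd picks a
# "by" clause. Assumptions: ssf=<n> matches sessions with SSF >= n, fields in
# one <who> are ANDed, and the first matching clause wins (control "stop").

def parse_acl(text):
    """Turn 'by <who...> <level>' lines into (min_ssf, needs_self, level)."""
    clauses = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "by":
            continue                      # skip the "access to ..." line
        *who, level = tokens[1:]
        min_ssf, needs_self = 0, False
        for field in who:
            if field.startswith("ssf="):
                min_ssf = int(field[4:])
            elif field == "self":
                needs_self = True
            elif field != "*":
                raise ValueError(f"who field not modelled: {field}")
        clauses.append((min_ssf, needs_self, level))
    return clauses

def evaluate(clauses, session_ssf, is_self=False):
    """Return the access level of the first clause the session matches."""
    for min_ssf, needs_self, level in clauses:
        if session_ssf >= min_ssf and (is_self or not needs_self):
            return level
    return "none"                         # implicit trailing "by * none"

# ACLs quoted in the thread; the session SSF values used below are constructed.
DENY_SSF0 = parse_acl("access to *\n        by ssf=0 none")
DENY_ALL = parse_acl("access to *\n        by * none")
USER_PASSWORD = parse_acl("""
access to attrs=userPassword
        by ssf=112 auth
        by ssf=128 self write
        by * none
""")

def outcomes(clauses, is_self=False):
    """Map each constructed session SSF to the access level it receives."""
    return {ssf: evaluate(clauses, ssf, is_self) for ssf in (0, 56, 112, 128, 256)}

if __name__ == "__main__":
    print(outcomes(DENY_SSF0) == outcomes(DENY_ALL))   # ssf=0 matches every session
    print(outcomes(USER_PASSWORD))
    print(outcomes(USER_PASSWORD, is_self=True))
```

In this model a 128-bit session already matches `by ssf=112 auth`, so the level it receives depends on clause order as well as on the SSF threshold.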