Commit accc4984 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

s/privacy/confidentiality/

parent 57f36ae0
......@@ -132,10 +132,10 @@ be useful to you.
{{How is the information protected from unauthorized access?}} Some
directory services provide no protection, allowing anyone to see
the information. LDAP provides a mechanism for a client to
authenticate, or prove its identity to a directory server, paving
the way for rich access control to protect the information the
server contains. LDAP also supports privacy and integrity security
the information. LDAP provides a mechanism for a client to authenticate,
or prove its identity to a directory server, paving the way for
rich access control to protect the information the server contains.
LDAP also supports data security (integrity and confidentiality)
services.
......@@ -172,8 +172,8 @@ servers.
The stand-alone LDAP daemon, or {{slapd}}(8), can be viewed as a
{{lightweight}} X.500 directory server. That is, it does not
implement the X.500's DAP. As a {{lightweight directory}} server,
{{slapd}}(8) implements only a subset of the X.500 models.
implement the X.500's DAP nor does it support the complete X.500
models.
If you are already running a X.500 DAP service and you want to
continue to do so, you can probably stop reading this guide. This
......@@ -223,12 +223,14 @@ interesting features and capabilities include:
{{slapd}} supports LDAP over both IPv4 and IPv6 and Unix IPC.
{{B:{{TERM[expand]SASL}}}}: {{slapd}} supports strong authentication
services through the use of SASL. {{slapd}}'s SASL implementation
utilizes {{PRD:Cyrus}} {{PRD:SASL}} software which supports a number
of mechanisms including DIGEST-MD5, EXTERNAL, and GSSAPI.
{{B:{{TERM[expand]TLS}}}}: {{slapd}} provides privacy and integrity
protections through the use of TLS (or SSL). {{slapd}}'s TLS
and data security (integrity and confidentiality) services through
the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus}}
{{PRD:SASL}} software which supports a number of mechanisms including
DIGEST-MD5, EXTERNAL, and GSSAPI.
{{B:{{TERM[expand]TLS}}}}: {{slapd}} supports certificate-based
authentication and data security (integrity and confidentiality)
services through the use of TLS (or SSL). {{slapd}}'s TLS
implementation utilizes {{PRD:OpenSSL}} software.
{{B:Topology control}}: {{slapd}} can be configured to restrict
......
......@@ -321,10 +321,10 @@ depending on whether simple password-based authentication or Kerberos
authentication or {{TERM:SASL}} authentication is to be used when connecting
to the slave slapd.
Simple authentication should not be used unless adequate integrity
and privacy protections are in place (e.g. TLS or IPSEC). Simple
authentication requires specification of {{EX:binddn}} and
{{EX:credentials}} parameters.
Simple authentication should not be used unless adequate data
integrity and confidentiality protections are in place (e.g. TLS
or IPSEC). Simple authentication requires specification of
{{EX:binddn}} and {{EX:credentials}} parameters.
Kerberos authentication is deprecated in favor of SASL authentication
mechanisms, in particular the {{EX:KERBEROS_V4}} and {{EX:GSSAPI}}
......@@ -516,10 +516,10 @@ depending on whether simple password-based authentication or
{{TERM:SASL}} authentication is to be used when connecting
to the provider slapd.
Simple authentication should not be used unless adequate integrity
and privacy protections are in place (e.g. TLS or IPSEC). Simple
authentication requires specification of {{EX:binddn}} and
{{EX:credentials}} parameters.
Simple authentication should not be used unless adequate data
integrity and confidentiality protections are in place (e.g. TLS
or IPSEC). Simple authentication requires specification of {{EX:binddn}}
and {{EX:credentials}} parameters.
SASL authentication is generally recommended. SASL authentication
requires specification of a mechanism using the {{EX:saslmech}} parameter.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment