First Last Prev Next    This bug is not in your last search results.
Bug 437007 - Use case description of authmethod bind rule could be missleading
Use case description of authmethod bind rule could be missleading
Status: CLOSED CURRENTRELEASE
Product: Red Hat Directory Server
Classification: Red Hat
Component: Doc-administration-guide (Show other bugs)
8.0
All Linux
low Severity low
: ---
: ---
Assigned To: Deon Ballard
Content Services Development
http://www.redhat.com/docs/manuals/di...
: Documentation
Depends On:
Blocks: 249650
  Show dependency treegraph
 
Reported: 2008-03-11 12:42 EDT by Chris Evich
Modified: 2009-08-19 23:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-01 18:05:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Chris Evich 2008-03-11 12:42:13 EDT 
Description of problem:
Section 6.4.9 is confusing regarding the use of authmethod="ssl".  This bind
rule reads as if it performs a similar function to the "ssf" ACI option in
openssl - limiting operations based on the encryption being used.

See Bug 436979 for reference.  

I recommend making the description clearer in the admin guide, or at least
adding a "info" box describing authmethod="ssl" as in comment 1 from bug 436979
Comment 1 Chris Evich 2008-03-11 12:43:18 EDT 
> I guess the documentation is not clear.  The authmethod keyword is for
> authentication method e.g. what credentials and what mechanism did the user
> present to authenticate to the directory.  "ssl" means that the user provided a
> user certificate (or smart card, or some other pki device) to authenticate to
> the directory.
> 
> Unfortunately, there is no way, using access control, to specify that the
> connection must have a certain level of protection.  For example, with openldap,
> you can say ssf=56 meaning the connection must have SSF level 56 or higher to
> connect (e.g. TLS/SSL or SASL using DES).
Comment 2 Deon Ballard 2009-05-01 18:05:25 EDT 
Tried to clarify both the initial introduction and the example text:http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Access_Control-Bind_Rules.html#Bind_Rules-Defining_Access_Based_on_Authentication_Method

This is live for 8.1 and will soon be in 8.0. Closing.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.