[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFR] English debconf templates for nss-pam-ldapd

On Mon, 8 Aug 2011, Justin B Rye wrote:

So "binddn and password" might be clearer.


I went for:
  "simple: simple bind DN and password authentication;"
because this option is also called "simple bind" and this should be familiar to people familiar with LDAP. 


Or is it bind DN, or BindDN, or what?
Probably bind DN is reasonably correct since it is the DN (distinguished name) used for binding.
And even if I choose SASL, does that mean that there won't be a BindDN? If the LDAP database still uses one and just delegates the login authentication, that makes mentioning BindDNs as a way of distinguishing authentication types a red herring.
With SASL, the sasl_authcid and sasl_authzid options should be used instead of binddn. There format may be different from a DN but it can also include it (at least that is my limited understanding from it).
Well, if you use SSL it doesn't travel as cleartext, does it? Still, if we've gone to the trouble of explaining "simple" authentication as "stored unencrypted" in ldap-auth-type I suppose we're entitled to say just "cleartext" here if we like. 

I went for:
  "PLAIN: simple cleartext password mechanism"
to keep in line with RFC 4616. It should also be clear enough. In all other places in the documentation I've tried to avoid using clear/plaintext. 

--
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
Reply to: