Re: [RFR] English debconf templates for nss-pam-ldapd
On Mon, 8 Aug 2011, Justin B Rye wrote:
So "binddn and password" might be clearer.
I went for:
"simple: simple bind DN and password authentication;"
because this option is also called "simple bind" and this should be
familiar to people familiar with LDAP.
Or is it bind DN, or BindDN, or what?
Probably bind DN is reasonably correct since it is the DN (distinguished
name) used for binding.
And even if I choose SASL, does that mean that there won't be a BindDN?
If the LDAP database still uses one and just delegates the login
authentication, that makes mentioning BindDNs as a way of distinguishing
authentication types a red herring.
With SASL, the sasl_authcid and sasl_authzid options should be used
instead of binddn. There format may be different from a DN but it can also
include it (at least that is my limited understanding from it).
Well, if you use SSL it doesn't travel as cleartext, does it? Still, if
we've gone to the trouble of explaining "simple" authentication as
"stored unencrypted" in ldap-auth-type I suppose we're entitled to say
just "cleartext" here if we like.
I went for:
"PLAIN: simple cleartext password mechanism"
to keep in line with RFC 4616. It should also be clear enough. In all
other places in the documentation I've tried to avoid using
clear/plaintext.
--
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
Reply to: