clarify "by anonymous auth" semantics

2024-12-21 03:10:25 +08:00 · 2003-03-12 16:25:20 +00:00 · 2003-03-12 16:25:20 +00:00 · bdf02dde71
commit bdf02dde71
parent 009afb4bd7
1 changed files with 11 additions and 8 deletions
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@ -771,11 +771,12 @@ This access directive grants read access to everyone.
 >		by anonymous auth
 >		by * read

-This directive allows users to modify their own entries, allows
-authenticate, and allows all others to read.  Note that only the
-first {{EX:by <who>}} clause which matches applies.  Hence, the
-anonymous users are granted {{EX:auth}}, not {{EX:read}}.  The last
-clause could just as well have been "{{EX:by users read}}".
+This directive allows the user to modify their entry, allows anonymous
+to authentication against these entries, and allows all others to
+read these entries.  Note that only the first {{EX:by <who>}} clause
+which matches applies.  Hence, the anonymous users are granted
+{{EX:auth}}, not {{EX:read}}.  The last clause could just as well
+have been "{{EX:by users read}}".

 It is often desirable to restrict operations based upon the level
 of protection in place.  The following shows how security strength
@ -788,10 +789,12 @@ factors (SSF) can be used.

 This directive allows users to modify their own entries if security
 protections have of strength 128 or better have been established,
-allows simple authentication and read access when 64 or better
-security protections have been established.
+allows authentication access to anonymous users, and read access
+when 64 or better security protections have been established.  If
+client has not establish sufficient security protections, the
+implicit {{EX:by * none}} clause would be applied.

-The following example shows the use of a regular expression
+The following example shows the use of a style specifiers
 to select the entries by DN in two access directives where
 ordering is significant.