directory-commits mailing list archives

From directory-...@incubator.apache.org
Subject [Apache Directory Project Wiki] Updated: EveGeneral
Date Tue, 07 Dec 2004 04:20:09 GMT
   Date: 2004-12-06T20:20:08
   Editor: AlexKarasulu <akarasulu@apache.org>
   Wiki: Apache Directory Project Wiki
   Page: EveGeneral
   URL: http://wiki.apache.org/directory/EveGeneral

   no comment

Change Log:

------------------------------------------------------------------------------
@@ -8,9 +8,9 @@
 
  * Another test user account uid=akarasulu,ou=users,ou=system is created on first startup
and has password "test".  Use it to play. 
 
- * Any user entry that has the userPassword attribute set can be authenticated.  The user
need not be under ou=users, ou=system.
+ * Any entry with a userPassword attribute containing a plain text password can be authenticated.
 The user need not be under ou=users, ou=system.
 
- * There are advantages to creating users under ou=users, ou=system.  First the user is available
regardless of the context partitions that are created.  The user also is protected by some
hardcoded authorization rules within the system.  Namely only self read is possible for all
users on their own accounts.  Users cannot see the credentials of others minus the super-user
of course.  This is an intermediate hardcoded authorization rule set until the authorization
subsystem matures.
+ * There are advantages to creating entries with userPassword fields under ou=users, ou=system.
 First the entry is available regardless of the context partitions that are created.  The
entry is also protected by some hardcoded authorization rules within the system.  Namely only
self read is possible for all non-admin principals on their own accounts.  Standard principals
cannot see the credentials of others minus the super-user of course.  This is an intermediate
hardcoded authorization rule set until the authorization subsystem matures.
 
  * By default, anonymous binds are allowed both via JNDI interfaces and via LDAP based network
clients.  So the server will start and work without any initial configuration.  The presence
of the ""eve.disable.anonymous"" property key disables anonymous user access on both interfaces
(JNDI and LDAP).
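Review bot: The first added bullet narrows authentication to a userPassword "containing a plain text password" but does not say what happens when the attribute holds anything else; add a sentence stating whether such entries simply fail to bind, so readers do not assume the old "any userPassword" behaviour still applies. In the second added bullet, "non-admin principals" and "Standard principals" appear to name the same group, so pick one term and use it in both sentences. The carried-over phrase "minus the super-user of course" is also ambiguous: it can be read as the super-user being able to see everyone's credentials or as the super-user's credentials being the exception, and the text should say which of the two the hardcoded rule enforces.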
 
