Selecting Appropriate Authentication MethodsChapter 8 Designing a Secure Directory 159• Account inactivation — Disables a user account, group of accounts, or an entiredomain so that all authentication attempts are automatically rejected.• Secure connections — Maintains the integrity of information by encryptingconnections with SSL, Start TLS, or SASL. If information is encrypted duringtransmission, the recipient can determine that it was not tampered with duringtransit.• Auditing — Allows you to determine if the security of your directory has beencompromised. For example, you can audit the log files maintained by yourdirectory.These tools for maintaining security can be used in combination in your securitydesign. You can also use other features of the directory such as replication and datadistribution to support your security design.Selecting Appropriate Authentication MethodsA basic decision you need to make regarding your security policy is how usersaccess the directory. Will you allow anonymous access, or will you require everyperson who uses your directory to bind to the directory?Directory Server provides the following methods for authentication:• Anonymous Access• Simple Password• Certificate-Based Authentication• Simple Password over TLS• Proxy AuthenticationThe directory uses the same authentication mechanism for all users, whether theyare people or LDAP-aware applications.For information about preventing authentication by a client or group of clients, see“Preventing Authentication by Account Inactivation,” on page 163.Anonymous AccessAnonymous access provides the easiest form of access to your directory. It makesdata available to any user of your directory, regardless of whether they haveauthenticated.
