From 10d0ac51b81bf781524d09735cf6618e24fb33ea Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Fri, 28 Apr 2023 15:05:47 -0600 Subject: [PATCH] Update domain-controller-ldap-server-channel-binding-token-requirements.md Line 32: Ldap > LDAP NOTE: NO change to line 90. --- ...controller-ldap-server-channel-binding-token-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md index f17b958e97..24614ad5c4 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md @@ -29,7 +29,7 @@ Unsigned/Unprotected network traffic is susceptible to man-in-the-middle attacks - If channel binding is set to Always, LDAP clients who don't support channel bindings will be rejected. - If channel binding is set to when supported, only incorrect channel bindings will be blocked, and clients who don't support channel binding can continue to connect via LDAP over TLS. -CBT or EPA is used with TLS sessions when a SASL authentication method is used to authenticate the user. SASL means you use NTLM or Kerberos for user authentication. Ldap Simple Bind over TLS doesn't offer channel binding token protection and is therefore not recommended. +CBT or EPA is used with TLS sessions when a SASL authentication method is used to authenticate the user. SASL means you use NTLM or Kerberos for user authentication. LDAP Simple Bind over TLS doesn't offer channel binding token protection and is therefore not recommended. ### Possible values