
Re: Contribution: Active Directory Password Cache (ITS#5042)



s.hetze@linux-ag.de wrote:

> Renaming the variables is no problem. What would you say extpwc stands
> for?

EXTernal PassWord Cache?

> I can imagine calling the module krb5pwc and heading the README
> "Kerberos V/Active Directory Password Cache"

Right; but this would limit you to Kerberos V; see my other
posting about rather delegating auth to SASL.

>> Well, that could be a parameter that is provided through the
>> configuration (caching TTL, optional negative caching TTL, and so on). It
>> doesn't need to be stored in the entry, or in a subentry, since dynamic
>> configuration would allow modifying it at run time anyway.
>>
> 
> If I understand it correctly, you suggest letting the cached password
> expire after some configurable time. To achieve this, I would need to
> keep a timestamp of when the password was cached.
> Is there any other way than to add an attribute holding this timestamp?
> ...
> Actually, I could make this feature depend on the {ad|krb5}pw-cache-mode=any
> and use the sambaPwdLastSet attribute.

Right; I think a specific operational attribute would be better.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------