[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Schema for password aging, reuse prevention?

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: Schema for password aging, reuse prevention?
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Tue, 30 Mar 2004 21:52:59 +0200
In-reply-to: <86k712cmqo.fsf@Palimpsest.saic.hq.nasa.gov>
Organization: Billy
References: <86k712cmqo.fsf@Palimpsest.saic.hq.nasa.gov>

tir, 30.03.2004 kl. 18.39 skrev Chris Shenton:

> We're doing an application which uses OpenLDAP for account management.
> I have a GUI that enforces NASA policy on password complexity but have
> no way to store last-change-date or previously-used-password info
> which is required by our policy to:
> 
>  1) Enforce password aging
>  2) Not allow users to use re-use their last 10 passwords.
>  3) Lock a users account after 3 failed logins.
> 
> Are any of you folks aware of an existing published schema which will
> allow me to store dates, previous passwords (SHA hash OK), needed to
> implement password aging and reuse prevention?

It would seem that Padl is going ahead with this kind of thing under
pam_ldap. Especially draft-behera-ldap-password-policy-07. Lists are at
www.padl.com.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl

Follow-Ups:
- Re: Schema for password aging, reuse prevention?
  - From: Dieter Kluenter <dieter@dkluenter.de>

References:
- Schema for password aging, reuse prevention?
  - From: Chris Shenton <Chris.Shenton@hq.nasa.gov>

Prev by Date: Re: Cannot Index uniqueMember ( uniqueMemberMatch)
Next by Date: Index types
Index(es):
- Chronological
- Thread