[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: comments on ldap password policy draft

To: Jim Sermersheim <JIMSE@novell.com>
Subject: Re: comments on ldap password policy draft
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
Date: Fri, 22 Oct 1999 18:44:56 -0700
Cc: prasanta@netscape.com, ietf-ldapext@netscape.com
In-reply-to: <s8109aac.020@prv-mail20.provo.novell.com>
Resent-date: Fri, 22 Oct 1999 18:54:31 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"NSxRTD.A.eGF.lURE4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

At 05:10 PM 10/22/99 -0600, Jim Sermersheim wrote:
>pwdExpirationTime

You cannot recalculate pwdExpirationTime if they don't exist.
If you change the policy from no expiration to n seconds,
you have no reference point (excepting the current time) to
establish pwdExpirationTime values.

If you want to avoid the policy fetch for each bind, you
could store both a timestamp of last password modification
and the expiration time.

>>>         pwdStorageScheme: SHA
>>Should be pwdDefaultStorageScheme.

You might apply s/pwdStorageScheme/pwdDefaultStorageScheme/g.
(that is, there are multiple occurrances of this typo).

Prev by Date: RE: I-D update -- draft-ietf-ldapext-ldap-c-api-04.txt
Next by Date: Additional comments: ldap password policy draft
Index(es):
- Chronological
- Thread