[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: comments on ldap password policy draft
>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org> 10/22/99 7:44:56 PM >>>
>At 05:10 PM 10/22/99 -0600, Jim Sermersheim wrote:
>>pwdExpirationTime
>
>You cannot recalculate pwdExpirationTime if they don't exist.
>If you change the policy from no expiration to n seconds,
>you have no reference point (excepting the current time) to
>establish pwdExpirationTime values.
Right, they'd all have to start at the current time.
>If you want to avoid the policy fetch for each bind, you
>could store both a timestamp of last password modification
>and the expiration time.
I'm not sure how that would help. Wouldn't we still need to look at the policy (in case it changed?)
>>>> pwdStorageScheme: SHA
>>>Should be pwdDefaultStorageScheme.
>
>You might apply s/pwdStorageScheme/pwdDefaultStorageScheme/g.
>(that is, there are multiple occurrances of this typo).
Thanks.
Jim