
Re: comments on ldap password policy draft



>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org> 10/22/99 7:44:56 PM >>>
>At 05:10 PM 10/22/99 -0600, Jim Sermersheim wrote:
>>pwdExpirationTime
>
>You cannot recalculate pwdExpirationTime if they don't exist.
>If you change the policy from no expiration to n seconds,
>you have no reference point (excepting the current time) to
>establish pwdExpirationTime values.

Right, they'd all have to start at the current time.

>If you want to avoid the policy fetch for each bind, you
>could store both a timestamp of last password modification
>and the expiration time.

I'm not sure how that would help. Wouldn't we still need to look at the policy (in case it changed)?

>>>>         pwdStorageScheme: SHA
>>>Should be pwdDefaultStorageScheme.
>
>You might apply s/pwdStorageScheme/pwdDefaultStorageScheme/g.
>(that is, there are multiple occurrences of this typo).

Thanks.

Jim
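
The storage choice discussed in this message, as an added example that is not part of the original thread or of the draft: it rewrites pwdExpirationTime after a policy change from no expiration to n seconds, using a stored last-modification timestamp as the reference point where one exists and the current time where it does not. The attribute name `lastPwdChange`, the helper names and the sample entries are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

GT = "%Y%m%d%H%M%SZ"  # LDAP GeneralizedTime, UTC, whole seconds

def parse_gt(s):
    return datetime.strptime(s, GT).replace(tzinfo=timezone.utc)

def fmt_gt(dt):
    return dt.astimezone(timezone.utc).strftime(GT)

def apply_policy_change(entries, max_age, now):
    """Rewrite pwdExpirationTime on every entry after the policy changes.
    max_age is in seconds; None means passwords never expire."""
    for entry in entries.values():
        if max_age is None:
            entry.pop("pwdExpirationTime", None)
            continue
        # Reference point: the stored last-modification timestamp if the
        # entry has one, otherwise the current time.
        changed = entry.get("lastPwdChange")  # hypothetical attribute name
        ref = parse_gt(changed) if changed else now
        entry["pwdExpirationTime"] = fmt_gt(ref + timedelta(seconds=max_age))

def bind_allowed(entry, now):
    """Bind-time check that reads only the entry, with no policy fetch."""
    exp = entry.get("pwdExpirationTime")
    return exp is None or now < parse_gt(exp)

def demo():
    # Constructed sample directory: no expiration policy so far, and only
    # alice carries a last-modification timestamp.
    entries = {
        "alice": {"lastPwdChange": "19990101000000Z"},
        "bob": {},
    }
    now = parse_gt("19991022000000Z")
    apply_policy_change(entries, 90 * 24 * 3600, now)  # policy: none -> 90 days
    return entries, now

if __name__ == "__main__":
    entries, now = demo()
    for name, entry in entries.items():
        print(name, entry["pwdExpirationTime"], bind_allowed(entry, now))
```

In this sketch the policy is read only when it changes, at the cost of rewriting every entry at that moment.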