[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap password policy approach

To: Jim Sermersheim <JIMSE@novell.com>
Subject: Re: ldap password policy approach
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Wed, 27 Oct 1999 19:44:28 -0700
Cc: ietf-ldapext@netscape.com, prasanta@netscape.com, kurt@openldap.org
In-reply-to: <s8175cca.094@prv-mail20.provo.novell.com>
Resent-date: Wed, 27 Oct 1999 19:44:04 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"JQ7g0C.A.-2G.qh7F4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

At 08:12 PM 10/27/99 -0600, Jim Sermersheim wrote:
>What do you think?

I concur that the password policy should be divorced from the
password storage.  It's my view that, like RFC2251, the password
policy should not place any restrictions upon how servers store
credentials.

As far as the pwdHistory attribute type, I would suggest avoid
defining it.  That is, the policy needed concern it self with
how a server records the history to enforce the policy.  It
just needs to enforce the policy.

Kurt

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

Follow-Ups:
- Re: ldap password policy approach
  - From: prasanta@netscape.com (Prasanta Behera)

References:
- Re: ldap password policy approach
  - From: Jim Sermersheim <JIMSE@novell.com>

Prev by Date: Re: comments on ldap password policy draft
Next by Date: Re: ldap password policy approach
Index(es):
- Chronological
- Thread