[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap password policy approach

To: "Kurt D. Zeilenga" <kurt@boolean.net>
Subject: Re: ldap password policy approach
From: prasanta@netscape.com (Prasanta Behera)
Date: Thu, 28 Oct 1999 10:03:45 -0700
Cc: Jim Sermersheim <JIMSE@novell.com>, ietf-ldapext@netscape.com, kurt@openldap.org
Organization: Netscape
References: <3.0.5.32.19991027194428.00973960@localhost>
Resent-date: Thu, 28 Oct 1999 10:07:54 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"XClvaD.A.s7D.0JIG4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


"Kurt D. Zeilenga" wrote:

> At 08:12 PM 10/27/99 -0600, Jim Sermersheim wrote:
> >What do you think?
>
> I concur that the password policy should be divorced from the
> password storage.  It's my view that, like RFC2251, the password
> policy should not place any restrictions upon how servers store
> credentials.
>
> As far as the pwdHistory attribute type, I would suggest avoid
> defining it.  That is, the policy needed concern it self with
> how a server records the history to enforce the policy.  It
> just needs to enforce the policy.

Agreed.  The policy should say if "pwdHistory"  in on or off to
tell the server to keep a history or not.


/prasanta



>
>
> Kurt
>
> ----
> Kurt D. Zeilenga                <kurt@boolean.net>
> Net Boolean Incorporated        <http://www.boolean.net/>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: ldap password policy approach
  - From: Ludovic Poitou <ludovic.poitou@france.Sun.COM>

References:
- Re: ldap password policy approach
  - From: "Kurt D. Zeilenga" <kurt@boolean.net>

Prev by Date: RE: proposed standard for password syntax
Next by Date: Re: ldap password policy approach
Index(es):
- Chronological
- Thread