[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Comments on draft-zeilenga-ldap-authpasswd-01.txt

To: Jim Sermersheim <JIMSE@novell.com>
Subject: Re: Comments on draft-zeilenga-ldap-authpasswd-01.txt
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 18 Feb 2000 20:07:06 -0800
Cc: ietf-ldapext@netscape.com
In-reply-to: <3.0.5.32.20000218110224.00973cb0@infidel.boolean.net>
References: <s8ad1c0c.054@prv-mail25.provo.novell.com>
Resent-date: Fri, 18 Feb 2000 20:07:32 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <gbF2wD.A.9JE.4bhr4@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

At 11:02 AM 2/18/00 -0800, Kurt D. Zeilenga wrote:
>I believe the use or not of multiple passwords for one identity
>is a matter of policy not storage.  The storage should allow
>for either policy to be implemented.  It's my intent for this
>draft to be policy neutral.

Note that enforcement of password change policy often
requires knowledge of the current and new passwords.  As
updates via normal LDAP operations upon authPassword use
hashed values, it is not possible for the server to
enforce any content based password change policy.

Servers which support such policies will need to disable
update via normal LDAP commands and provide separate
update mechanisms which provide the necessary content
(the user's current and/or new password).  passwd-exop
provides such a mechanism.

I add a comment regarding this to the draft.

Kurt

References:
- Re: Comments on draft-zeilenga-ldap-authpasswd-01.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: 50 Get your new Home Now!
Next by Date: Your Platinum Free Vacation and Airline Tickets"
Index(es):
- Chronological
- Thread