[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Re: Password policy state attributes

To: Ed Reed <ereed@novell.com>
Subject: Re: [ldapext] Re: Password policy state attributes
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 22 Nov 2002 22:50:23 +0100
Cc: ldapext@ietf.org, andrews@adacel.com.au, bcheckley@epresence.com, Alan Clark <ACLARK@novell.com>, Hal Henderson <HAL@novell.com>, ludovic.poitou@sun.com, Andrew_Marshall@TD.COM
References: <sdde2652.042@prv-mail20.provo.novell.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826

Ed Reed wrote:

At the risk of sounding like a crackpot... You may need to consider something like the X.509 certificate object class discussed in PKIX - an entry with all the policy associated with the particular credential - in this case a password associated with an authentication identity.

It was also my first impression that this topic is very much the same sort of discussion like storing X.509 certificates in separate subordinate entries vs. certificate matching rules.

Maybe I missed something but how does the authentication mechanisms distinguish which password to use for authentication in a specific application? If you have really several applications with different passwords then I'd suggest to simply put the application-specific credentials in different (subordinate) entries (with different application-specific object class assigned to them).

Anyway IMHO one objective of LDAP deployment was getting rid of many passwords. At least that's what I read in most "whitepapers"... ;-)

Ciao, Michael.

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

References:
- [ldapext] Re: Password policy state attributes
  - From: "Ed Reed" <ereed@novell.com>

Prev by Date: [ldapext] Re: Password policy state attributes
Next by Date: Re: [ldapext] Re: Password policy state attributes
Index(es):
- Chronological
- Thread