[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] Re: Password policy state attributes
Ed Reed wrote:
At the risk of sounding like a crackpot...
You may need to consider something like the X.509 certificate object
class discussed in PKIX - an entry with all the policy associated with
the particular credential - in this case a password associated with an
authentication identity.
It was also my first impression that this topic is very much the same sort
of discussion like storing X.509 certificates in separate subordinate
entries vs. certificate matching rules.
Maybe I missed something but how does the authentication mechanisms
distinguish which password to use for authentication in a specific
application? If you have really several applications with different
passwords then I'd suggest to simply put the application-specific
credentials in different (subordinate) entries (with different
application-specific object class assigned to them).
Anyway IMHO one objective of LDAP deployment was getting rid of many
passwords. At least that's what I read in most "whitepapers"... ;-)
Ciao, Michael.
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext