[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: [ldapext] Password policies in LDAP

To: kevin.dyer@matrixone.com, jim@willeke.com
Subject: RE: [ldapext] Password policies in LDAP
From: "sreekantan, vijay" <vijayakumars@yahoo.com>
Date: Thu, 20 Feb 2003 15:11:51 -0800 (PST)
Cc: ldapext@ietf.org
In-reply-to: <9150DCE0CCB4D411A7DB00508BB0DBF205208470@msx1am.matrixone.net>

Leaving it to the client (client of the LDAP server) requires us to implement policies in multiple platforms/clients which is a very bad and infeasible decision. I agree with Kevin that there should be some standards. I am just searching for the standards to prove some concepts in a security architecture project I am working on.
Vijay

"Dyer, Kevin" <kevin.dyer@matrixone.com> wrote:

Jim,

These two RFC's do not address a number of issues that are discussed in the draft; for instance the number of invalid login attempts, account lockout, password checking, and password reuse. A large number of companies are moving toward LDAP as their primary authentication mechanism for desktop and network based applications. The Directory server must be able to address issues related to password management and user control. Leaving it up to the client is not an option anymore. I know that at least one company is changing their Directory server to implement most of this draft as they recognize the direction industry is taking.

                Kevin

____________________________________________
Kevin J. Dyer
Sr. Technologist, Product Management
kevin.dyer@matrixone.com

TEL:     978-322-2011
FAX:     978-441-0078
MOBILE: 978-549-0971

MatrixOne, Inc.
210 Littleton Rd
Westford, MA 01886 USA
www.matrixone.com

"Changing the way the world brings products to market" (tm)
____________________________________________

>-----Original Message-----
>From: Jim Willeke [mailto:jim@willeke.com]
>Sent: Wednesday, February 19, 2003 4:52 AM
>To: sreekantan, vijay
>Cc: ldapext@ietf.org
>Subject: Re: [ldapext] Password policies in LDAP
>
>
>Have you seen Kurt's stuff ?
>http://www.faqs.org/rfcs/rfc3062.html
>
>http://www.faqs.org/rfcs/rfc3112.html
>-jim
>
>sreekantan, vijay wrote:
>
>> I was trying to understand more about standards related to
>Password
>> Policies in LDAP servers. I found that there was an internet draft
>> written by a group of people from Sun MicroSystems.
>> draft-behera-ldap-password-policy-06.txt was the draft file name.
>> I also found that this draft has been expired and was not
>made an RFC.
>> My question is if there is any standard on the password
>policies that
>> LDAP vendors should support. Is there any information
>regarding this.
&nb! sp; >> What happens to expired drafts. If anybody could provide some
>> information on this topic, it will be greatly helpful.
>> Regards
>> Vijay
>>
>>
>>
>-------------------------------------------------------------
>-----------
>> Do you Yahoo!?
>> Yahoo! Shopping
>>
><http://rd.yahoo.com/O=1/I=brandr/vday03/text/flow/*http://sh
opping.yahoo.com%0A/shop?d=browse&id=20146735>
> - Send Flowers for Valentine's Day

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext

Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, and more

Follow-Ups:
- RE: [ldapext] Password policies in LDAP
  - From: "Bob Joslin" <bob.joslin@hp.com>

References:
- RE: [ldapext] Password policies in LDAP
  - From: "Dyer, Kevin" <kevin.dyer@matrixone.com>

Prev by Date: RE: [ldapext] Password policies in LDAP
Next by Date: RE: [ldapext] Password policies in LDAP
Index(es):
- Chronological
- Thread