Re: [ldapext] Password Policy OIDs
Ludovic Poitou <Ludovic.Poitou@Sun.COM> wrote on 11/12/2004 11:02:52 AM:
>
>
> John McMeeking wrote:
>
> > ...
> >
> >- The recent discussion (and notes in the draft) seem to morph
> >pwdQualityCheck into a mechanism for specifying what password policies are
> >in effect. That is useful, but also has nothing to do with (and is
> >independent of) the previous meaning of pwdQualityCheck. I suggest that
> >such a list of policies could be handled as described below.
> >
> >
> >
> >You'll never be able to define a single model that does what everybody
> >needs (as in "we aren't allowed to buy your product if it won't do 'X'").
> >
> >
> I also agree with this.
>
> Overall, I like this proposal.
> Can it be restricted to a pwdQualityCheckPolicy or do you foresee other
> areas where you might want to extend the policy?
I think this would be a general password policy extension mechanism.
The current pwdPolicyObject already goes beyond password quality:
- pwdMustChange
- pwdSafeModify
- pwdGraceAuthNLimit
- lockouts
Password quality seems the most likely area of extension, but I see no
reason to restrict extensions to quality.
>
> Ludovic.
>
John McMeeking