
Re: [ldapext] Password Policy OIDs






Ludovic Poitou <Ludovic.Poitou@Sun.COM> wrote on 11/12/2004 11:02:52 AM:

>
>
> John McMeeking wrote:
>
> > ...
> >
> >- The recent discussion (and notes in the draft) seem to morph
> >pwdQualityCheck into a mechanism for specifying what password policies are
> >in effect.  That is useful, but also has nothing to do with (and is
> >independent of) the previous meaning of pwdQualityCheck.  I suggest that
> >such a list of policies could be handled as described below.
> >
> >
> >
> >You'll never be able to define a single model that does what everybody
> >needs (as in "we aren't allowed to buy your product if it won't do 'X'").
> >
> >
> I also agree with this.
>
> Overall, I like this proposal.
> Can it be restricted to a pwdQualityCheckPolicy or do you foresee other
> areas where you might want to extend the policy?

I think this would be a general password policy extension mechanism.
The current pwdPolicyObject already goes beyond password quality:
- pwdMustChange
- pwdSafeModify
- pwdGraceAuthNLimit
- lockouts

Password quality seems the most likely area of extension, but I see no
reason to restrict extensions to quality.

>
> Ludovic.
>

John McMeeking

