Occasionally we hear requests to add new policy to that draft which squarely lands in the realm of "login" policy, and other times we get requests to remove policy like intruder detection as it has more to do with logging in than management of passwords (though it kind of leaks into both areas).
Usually though, consensus seems to point to putting login policy into a draft of its own. This could also contain things like maximum concurrent logins and allowed login times.
If someone could author that I-D, we could possibly define intruder detection in a way that it could be consumed from a password modify perspective in the password policy I-D, and consumed from a password usage perspective in the login policy I-D.
Or, maybe it would be best to glob everything into a single I-D (my feeling is this is worse). The problem I see currently is a lack of resources to push both of these areas of policy forward together in a coordinated way.
Jim
>>> John McMeeking <jmcmeek@us.ibm.com> 2/23/05 1:17:11 PM >>>
I've had some recent requests for some sort of "last login time" attribute or an "unused account" policy so that accounts can be disabled if they have not been used for 6 months. Would either of these be appropriate for the password policy draft?

John McMeeking
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext