[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] password policy: generic features
On Jun 30, 2010, at 2:02 PM, Howard Chu wrote:
> Kurt Zeilenga wrote:
>> The latest I-D contains an account idling feature. This is yet another
>> feature which is useful regardless of the mechanism being used for
>> authentication.
>>
>> At present, I favor separating such features into a separate "account
>> policy" specification. However in absence of an I-D actually detailing an
>> "account policy" this note can be viewed as simply placing my view on the
>> public record. Or maybe just rework this specification to be an "account
>> policy" specification with "password extensions". :-)
>
> I was just going to ask if that's where you were headed.
Haven't thought too much about direction. Just making comments as I re-implement this stuff, and thinking a bit about dealing with some long standing 'account policy' related feature requests.
> Is this "account" policy, or perhaps "authentication policy"?
Well, some of the facilities I'm thinking might be part of such a specification are about authorization not authentication, such as general account locking.
> It seems that broadening the title may be a good idea; splitting the spec may be harder because the two are interdependent.
Some things might do better with less interdependence... but that doesn't necessarily require splitting the specification.
-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext