[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] password policy: multiple subentries, multiple password attributes, ....

To: simo <idra@samba.org>
Subject: Re: [ldapext] password policy: multiple subentries, multiple password attributes, ....
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 08 Jul 2010 09:35:03 +0200
Cc: ldapext <ldapext@ietf.org>, Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
Delivered-to: ldapext@core3.amsl.com
In-reply-to: <1278367044.4806.59.camel@pico.li.ssimo.org>
References: <77215DBF-C6F8-48FF-B5E9-7F57D0720145@Isode.com> <1278367044.4806.59.camel@pico.li.ssimo.org>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.11) Gecko/20100701 Lightning/1.0b1 SeaMonkey/2.0.6

simo wrote:
> Ack, having multiple password policies apply for different attributes
> looks simply as an admin nightmare. Password policies tend to be few and
> well defined as they are considered critical for the security of the
> password. That means that usually it is quite easy to correctly define
> all policies for all attributes for a specific subset of users.
> Defining them as an intersection of multiple policies seem like a
> feature I wouldn't want if I were an administrator. Looks powerful on
> paper but also potentially complicated and complex is usually an enemy
> of secure.

Full ack!

Ciao, Michael.
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext

References:
- [ldapext] password policy: multiple subentries, multiple password attributes, ....
  - From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
- Re: [ldapext] password policy: multiple subentries, multiple password attributes, ....
  - From: simo <idra@samba.org>

Prev by Date: [ldapext] Password policy: pwdAllowUserChange
Next by Date: Re: [ldapext] password policy: multiple subentries, multiple password attributes, ....
Index(es):
- Chronological
- Thread