[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password policy enforcement



On Tue, Feb 29, 2000 at 02:45:42AM -0800, Howard Chu wrote:
> Seems like a reasonably inobtrusive enhancement. Define a couple new
> attributeTypes (for example):
>     loginDisabled (boolean) - is the account locked?
>     loginFailures (integer) - how many failures have there been?
>     loginMaxFailures (integer) - how many allowed before autolock occurs?
> 
> Ideally "loginFailures" would be an operational attribute, but I don't think
> it's a big problem.

Since these are for ldap usage, wouldn't they be more appropriately names
auth* instead of login*?

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'