[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: password policy enforcement
On Tue, Feb 29, 2000 at 02:45:42AM -0800, Howard Chu wrote:
> Seems like a reasonably inobtrusive enhancement. Define a couple new
> attributeTypes (for example):
> loginDisabled (boolean) - is the account locked?
> loginFailures (integer) - how many failures have there been?
> loginMaxFailures (integer) - how many allowed before autolock occurs?
>
> Ideally "loginFailures" would be an operational attribute, but I don't think
> it's a big problem.
Since these are for ldap usage, wouldn't they be more appropriately names
auth* instead of login*?
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bmc@visi.net '
`---=========------=======-------------=-=-----=-===-======-------=--=---'