[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password expiration & locking

To: meco <meco1974@libero.it>
Subject: Re: password expiration & locking
From: Adam Williams <awilliam@whitemice.org>
Date: 31 Oct 2002 06:33:29 -0500
Cc: openldap-software <openldap-software@OpenLDAP.org>
In-reply-to: <3DC00D4C.7080709@libero.it>
References: <3DC00D4C.7080709@libero.it>

>I am developing a web based application, and will have the user 
>memorized in an openldap server.
>1)I will need to manager password aging & expiration (User must change 
>password every 90 days for security reason).
>2)I will also need to manager user locking/unlocking by and administrator.
>I wuold like to know how do you usually manage this things!!!

shadowAccount (usually related to posix shadow passwords) has attributes
for expiry, last change, etc...
 
>For 1) I thought to memorize in a new attribute the password date 
>change, and check every time the user try to enter that it is not passed 
>more than 90 days
>For 2) I thought to memorize in a new attribute if the login in locked, 
>and check it every time the user try to login.
>I thought to use the object class inetorgperson as a base for the "user 
>schema".

Makes sense, but why not use one of the *Account objectclasses, since it
sounds like your talking about accounts.

Follow-Ups:
- Re[2]: password expiration & locking
  - From: Max_Ma@gmx.net

References:
- password expiration & locking
  - From: meco <meco1974@libero.it>

Prev by Date: Re: Database corruption on power down
Next by Date: RE: SASL/Kerberos V4 & openldap
Index(es):
- Chronological
- Thread