[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: krb5PrincipalName and userPassword

--On Friday, September 07, 2007 5:22 PM +0200 Turbo Fredriksson <turbo@bayour.com> wrote:

Is it possible to apply the ppolicy on SASL binds?

I suggest you sit down and really think about this for a little bit. SASL/GSSAPI binds already know that the user has authenticated, all that is happening when talking to LDAP is the authorization part. If you want the same sort of restrictions password wise when dealing with SASL/GSSAPI, then fix your policies at the KDC. There is no way ppolicy can know how to deal with KDC password policies, since the password request *doesn't go through the LDAP server at a protocol level*.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration