[Date Prev][Date Next]
Re: krb5PrincipalName and userPassword
--On Friday, September 07, 2007 5:22 PM +0200 Turbo Fredriksson
Is it possible to apply the ppolicy on SASL binds?
I suggest you sit down and really think about this for a little bit.
SASL/GSSAPI binds already know that the user has authenticated, all that is
happening when talking to LDAP is the authorization part. If you want the
same sort of restrictions password wise when dealing with SASL/GSSAPI, then
fix your policies at the KDC. There is no way ppolicy can know how to deal
with KDC password policies, since the password request *doesn't go through
the LDAP server at a protocol level*.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration