[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Tips when implementing password policies

To: Chris Jacobs <Chris.Jacobs@apollogrp.edu>, "'hyc@symas.com'" <hyc@symas.com>
Subject: Re: Tips when implementing password policies
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Tue, 23 Mar 2010 20:20:34 -0700
Cc: "'tgates81@gmail.com'" <tgates81@gmail.com>, "'openldap-technical@openldap.org'" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <6C447584419BFE4E83D46E88F81314862FAEA762E8@EXCH07-05.apollogrp.edu>
References: <6C447584419BFE4E83D46E88F81314862FAEA762E8@EXCH07-05.apollogrp.edu>

--On Tuesday, March 23, 2010 7:37 PM -0700 Chris Jacobs<Chris.Jacobs@apollogrp.edu> wrote:

Okay, it says:
"If pwdChangedTime does not exist, the user's password will not expire."

How have you guys dealt with this?  I suspect that just asking people to
please change their passwords so we can make sure they expire will result
in a low turn-out rate. :p

I also don't want people to just end-up locked out either, if at all
possible.

Thoughts?

Find all objects without that attribute, and add it. This will force allusers who previously didn't have it to have to change their password oncethat expiration time is reached.


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- RE: Tips when implementing password policies
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>

References:
- Re: Tips when implementing password policies
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>

Prev by Date: Re: Tips when implementing password policies
Next by Date: RE: Tips when implementing password policies
Index(es):
- Chronological
- Thread