[Date Prev][Date Next] [Chronological] [Thread] [Top]

sane ppolicy choices


I am trying to implement a trial [period] for new customers, using the
OpenLDAP password policy overlay.

I was thinking about setting a combination of pwdMaxAge, pwdMustChange
and pwdAllowUserChange.

Basically, the best idea I have had is to set MaxAge to the length of
trial [in seconds] then in a user changes the password while in trial
mode, calculate MaxAge as (trial_length - time_passed), then at the
end setting MustChange to true and AllowUserChange to false [until the
trial has been converted].

Is that a sane policy? Should I be doing something totally different?
Please advise.


Igor Shmukler