[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sane ppolicy choices

Igor Shmukler wrote:
> On Thursday, March 5, 2015, Dieter Klünter <dieter@dkluenter.de> wrote:
>> I would create and set a password according to RFC-3062, a little Perl
>> script could do this and mail the password to the trial user. I would
>> not allow a user to modify her pasword in a trial period.
> Thank you for the suggestion. This certainly is one way to go. Your
> approach is simple. That's always good. I just need to think whether
> disallowing password change for trial users is acceptable.

Being a trial user one of the first things I'd test is how I can change my own

Generally the password policy is a bad place to limit the life/usage time of
an account.

I'd recommend to define separate attributes for status and end-of-trial-time
and implement a CRON job which disables the account after the a trial user is

If the trial accounts are removed in any case then slapo-dds and auxiliary
object class 'dynamicObject' could be an option. Note that a dynamic entry
cannot be modified to a static entry by removing this object class. You'd have
to delete and re-add the entry.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature