[jira] Commented: (DIRSERVER-899) Support centralized password
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > Apache Server configuration support > Apache Directory Project > [jira] Commented: (DIRSERVER-899) Support centralized password




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    [jira] Commented: (DIRSERVER-899) Support centralized password  
Enrique Rodriguez (JIRA)


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
05-11-07 12:11 AM


[ https://issues.apache.org/jira/brow...action_12494827 ]

Enrique Rodriguez commented on DIRSERVER-899:
---------------------------------------------

The code I had in Change Password, which I just converted to an interceptor,
 overlaps the LDAP password policy draft in the area of "password quality," 
a subset of the draft that covers character mix, password length, and "disal
lowing anagrams of the user
's name."  Put another way, I didn't implement anything that required storag
e, such as password history and expiration time.  The LDAP draft is comprehe
nsive and a good idea for a new feature.

I think we'll need to support pluggable policies, since enterprise requireme
nts in this area can vary greatly.  There are also competing schema, such as
 the draft RFC for a Kerberos schema, which has its own schema for password 
policy.  The relevant secti
on is 4.11 in:

http://mailman.mit.edu/pipermail/kd...ema-01-0001.txt

4.11  krbPwdPolicy

The krbPwdPolicy object is a template password policy that can be
applied to principals when they are created.  These policy attributes
will be in effect, when the Kerberos passwords are different from
directory passwords.

Definition:
( IANA-ASSIGNED-OID.6.11
NAME 'krbPwdPolicy'
SUP ( top )
STRUCTURAL
MUST ( cn )
MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $
krbPwdMinLength $ krbPwdHistoryLength $ krbPolicyRefCount ))


> Support centralized password policy enforcement
> -----------------------------------------------
>
>                 Key: DIRSERVER-899
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-899
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: changepw, core
>            Reporter: Enrique Rodriguez
>         Assigned To: Enrique Rodriguez
>            Priority: Minor
>             Fix For: 1.5.2
>
>
> Currently, password policy is not applied centrally, let alone per "realm" or subt
ree/subtree refinement.  The Change Password protocol provider enforces a best-pract
ice password policy.  However, this is bypassed during other password sets, such as 
dur
ing LDIF load or LDAP add and modify operations.
> Password policy enforcement should move to the core, for reuse by other me
chanisms for password changes.
> Password policy is currently enforced in the CheckPasswordPolicy IoHandlerCommand.


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 07:59 PM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register