[Kdc-info] Re: [kdc-schema] LDAP password policy
Shishir Nagaraj
nshishir at novell.com
Mon Jul 14 05:22:28 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> As I recall in San Francisco, the talk about integrating with the KDC
> password policy with the LDAP password policy model was brought up.
The KDC password policy should be integrated with the password policy
for easier administration. In many deployments the convenience of a
common policy would over-ride the security benefits of a separate policy.
At the same time, a particular site might want different password
policies for kerberos and LDAP credentials, based on the assessment of
threats faced in their environment.
While kerberos password policy model would benefit from the experience
of the LDAP password policy model, the schema should be able to handle
the scenarios of integrated and separate policy instances at the same time.
Shishir.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/EnZUjygmKfU2CWYRAkYCAKCg6g3mT14N6Fy5PYpdkUvZ/pGiDACdHAFX
ixbVsFI9JZ0cpv0e6RHIgKo=
=Hrh3
-----END PGP SIGNATURE-----
More information about the kdc-info
mailing list