[Kdc-info] Re: [kdc-schema] LDAP password policy

Leif Johansson leifj at it.su.se
Mon Jul 14 13:57:15 EDT 2003


Shishir Nagaraj wrote:

<snip>

>
> While kerberos password policy model would benefit from the experience 
> of the LDAP password policy model, the schema should be able to handle 
> the scenarios of integrated and separate policy instances at the same 
> time.

Agreed. My take is that there must be (?) semantic overlap between 
kerberos and ldap password policy
(and between kerberos set/change password protocol and ldap set password 
exop) which might be resolved.

In the context of the ldap schema this group is looking at writing and 
from the point of view of a ldap client
talking to the ldap "kadmin" service of a kdc having these pairs of 
services/schema be interchangeable would
seem to be a nice outcome of our work.

       MVH leifj



More information about the kdc-schema mailing list