[kdc-schema] Kerberos Password Policy vs LDAP Password Policy

Ludovic Poitou ludovic.poitou at Sun.COM
Wed Jul 30 06:24:50 EDT 2003


I've done an evaluation of both Kerberos and LDAP password policies, 
based on a Sun blueprint (http://www.sun.com/blueprints/1001/krb.pdf, 
page 12 "Establishing the Password Policies").

There's nothing in the kerberos password policy that is not supported by 
the LDAP password policy.

The only item that differ is the Kerberos "Maximum Password Classes". 
The LDAP password policy defines whether the "syntax" is to be checked 
but doesn't defines what are the minimal requirement on the password 
itself. These requirements are implementation details.

Ludovic

---
Ludovic Poitou
Sun ONE Directory Architect
Sun Microsystems.





More information about the kdc-schema mailing list