login policy plugins? (was Re: Lists of LDAP requirements
Nicolas Williams
Nicolas.Williams at sun.com
Thu Jul 20 01:19:41 EDT 2006
On Wed, Jul 19, 2006 at 07:47:46PM -0500, Will Fiveash wrote:
> This leads me to wonder if there should be a separate plugin interface
> for dealing with login policy where login policy plugins would be called
> by the KDC to determine if an AS_REP should be issued and when AS_REQ
> padata verification fails. The login policy plugin would deal with the
> specifics of acquiring the login policy and logging success and
> failures. Thoughts?
Good point. The proposed password/key set/change protocol allows for
extensible password quality policies. It'd be nice if MIT krb5
supported that.
Nico
--
More information about the krbdev
mailing list