login policy plugins? (was Re: Lists of LDAP requirements

Nicolas Williams Nicolas.Williams at sun.com
Thu Jul 20 01:19:41 EDT 2006

On Wed, Jul 19, 2006 at 07:47:46PM -0500, Will Fiveash wrote:
> This leads me to wonder if there should be a separate plugin interface
> for dealing with login policy where login policy plugins would be called
> by the KDC to determine if an AS_REP should be issued and when AS_REQ
> padata verification fails.  The login policy plugin would deal with the
> specifics of acquiring the login policy and logging success and
> failures.  Thoughts?

Good point.  The proposed password/key set/change protocol allows for
extensible password quality policies.  It'd be nice if MIT krb5
supported that.


More information about the krbdev mailing list