login policy plugins? (was Re: Lists of LDAP requirements
rra at stanford.edu
Thu Jul 20 02:41:06 EDT 2006
Nicolas Williams <Nicolas.Williams at sun.com> writes:
> Good point. The proposed password/key set/change protocol allows for
> extensible password quality policies. It'd be nice if MIT krb5
> supported that.
For password quality, what sort of support are you looking for other than
support for a user-supplied password-checking plugin? (I say this as a
Kerberos administrator for a site that cannot use anything less; the only
language suitable for encoding our password quality policy is a full-blown
programming language that can call out to such libraries as cracklib.
Once you have that, is there really anything lesser that's of much use?)
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev