Password sync plugin, and questions about plugin criticality
Nicolas Williams
Nicolas.Williams at sun.com
Mon Jun 26 06:52:21 EDT 2006
On Mon, Jun 26, 2006 at 08:23:20PM +1000, Luke Howard wrote:
> We might want to consider what we can learn from PAM and SLAPI regarding
> plugin stacking. PAM leaves this to the administrator, in SLAPI all that
> is configurable is the order of plugins (see previous mail).

We're talking about simple password sync.

First, do you want failure to synchronize to lead to failure to change
the password? But you can't guarantee that password change and
synchronization happen atomically, methinks. So I'd say, change the
password, then synchronize to all sinks; ignore (but log!) failures.
Given such semantics no stacking seems necessary: just call all the
plug-ins in order, or even concurrently.

Password quality policies are another story: they must be consulted
before allowing the password change to succeed, and also before password
synchronization; failure to pass any password quality policy should
result in failure, but checking all password quality policies at once is
good: you can give the user information about the policies their
password violated in one go.

I've already argued that password quality policies and password
synchronization should be treated as independent from each other.
Nico
--
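
The semantics proposed in the message above, sketched as an added example; this is not code from the post or from krb5. The plugin signatures, the two policies, the two sinks and the principal name are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical plugin signatures for illustration; not the krb5 plugin API. */
typedef int (*quality_fn)(const char *pw, const char **why); /* 0 = pass */
typedef int (*sync_fn)(const char *princ, const char *pw);   /* 0 = synced */
struct result { int changed, violations, sync_failures; };

static int min_length(const char *pw, const char **why) {
    *why = "shorter than 8 characters";
    return strlen(pw) >= 8 ? 0 : -1;
}
static int needs_digit(const char *pw, const char **why) {
    *why = "contains no digit";
    for (; *pw; pw++) if (isdigit((unsigned char)*pw)) return 0;
    return -1;
}
static int sink_ok(const char *princ, const char *pw) { (void)princ; (void)pw; return 0; }
static int sink_down(const char *princ, const char *pw) { (void)princ; (void)pw; return -1; }
static quality_fn policies[] = { min_length, needs_digit };
static sync_fn sinks[] = { sink_ok, sink_down }; /* constructed: second sink always fails */

static struct result change_password(const char *princ, const char *pw) {
    struct result r = {0, 0, 0};
    const char *why;
    size_t i;
    /* Consult every policy, even after a failure, so all violations are reported at once. */
    for (i = 0; i < sizeof policies / sizeof policies[0]; i++)
        if (policies[i](pw, &why) != 0) {
            fprintf(stderr, "%s: rejected: %s\n", princ, why);
            r.violations++;
        }
    if (r.violations) return r;  /* no change, and nothing reaches the sinks */
    r.changed = 1;               /* stand-in for the real database update */
    /* The change is committed: log sink failures (never the password), don't propagate them. */
    for (i = 0; i < sizeof sinks / sizeof sinks[0]; i++)
        if (sinks[i](princ, pw) != 0) {
            fprintf(stderr, "%s: sync to sink %zu failed, continuing\n", princ, i);
            r.sync_failures++;
        }
    return r;
}

int main(void) {
    struct result r = change_password("alice@EXAMPLE.COM", "correct7horse");
    printf("changed=%d sync_failures=%d\n", r.changed, r.sync_failures);
    return 0;
}
```
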
More information about the krbdev
mailing list