Pasword quality pluggable interface project review
Nicolas.Williams at oracle.com
Mon Aug 30 18:32:19 EDT 2010
On Mon, Aug 30, 2010 at 06:22:11PM -0400, Sam Hartman wrote:
> >>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
> Greg> It's apparent to me now that there's a lot of room for improving our
> Greg> support for password quality errors over the password change protocol.
> Greg> For schedule reasons, I'm going to defer that to future work--in
> Greg> particular, to the part of the future after we have localization.
> I can understand deferring revising our set-change password support.
> However, as Russ pointed out, the existing change protocol has a way for
> a text error to come back--Heimdal does that. I think we need to at
> least support this in the plugin interface even if you don't write the
> glue now to make it work.
But also the "room" isn't "a lot": it's just addition of a language tag
set to be sent by the client to the server, plus, maybe, some new policy
codes. That's not "a lot". There's no reason the plugin can't get a
language tag set, which would be empty when the client doesn't send any
(e.g., because the protocol it's using doesn't allow it to).
More information about the krbdev