Work in progress
This site is in the process of being reviewed and updated.
Resources
- http://tools.ietf.org/html/draft-behera-ldap-password-policy
- http://directory.fedora.redhat.com/wiki/Account_Policy_Design
- http://directory.fedora.redhat.com/wiki/Wishlist#Core_Server_Features
- https://opends.dev.java.net/public/docs/architecture/OpenDS-PWPolicy-Architecture.pdf
What about...
- Stored Procedures? Allowing users (administrators) to define their his own policy by coding?
- Families of Entries is the coolest solutions for such problems.. (http://tools.ietf.org/html/draft-ietf-ldapext-families)
Planned conformance to the Password Policy draft
Password Usage Policy:
Password Modification Policy:
Restriction of the Password Policy:
The pwdPolicy Object Class and Attribute Types used in the pwdPolicy ObjectClass:
What do we propose here?
Define a sophisticated syntax to store all these information in a single attribute. So that we can store user specific password policy in a user's entry without causing clutter. This scheme is borrowed from X.500 Access Control subsystem.
Spefically we are proposing prescriptivePasswordPolicy
and entryPasswordPolicy
.
Attribute Types for Password Policy State Information:
Controls used for Password Policy:
Note: We had a very quick at the RFC and the list above only contains sections that was relatively more obvious to have an idea on.
.