[x500standard] Re: New draft on password policy

  • From: Howard Chu <hyc@xxxxxxxxxxxxxxx>
  • To: x500standard@xxxxxxxxxxxxx
  • Date: Tue, 22 Sep 2009 18:31:22 -0700

David Chadwick wrote:
> Other:
>
> One feature that both X.509 certificates and Kerberos tickets provide,
> that is missing in this and the LDAP specs, is a pwdStartDate parameter.
> There are expiration attributes to control when a credential stops being
> valid, but no corresponding parameter to control when it starts being
> valid.
>
> In addition to allowing credentials to be disabled due to failed
> authentications, and due to passing a fixed expiration date,
> administrators frequently request a generic "disabled" boolean flag, for
> miscellaneous non-time-related reasons.

Looks like I forgot about this. Just to note: I've added pwdStartDate and pwdEndDate to the LDAP ppolicy draft, and suggested that setting pwdStartDate to a value greater than pwdEndDate can be used for the same effect as a generic "disabled" flag.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
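The validity-window semantics discussed in this thread, including the "pwdStartDate later than pwdEndDate means disabled" convention, as an added example that is not code from the ppolicy draft or from OpenLDAP. It assumes both attributes hold LDAP GeneralizedTime values in UTC (e.g. "20090922183122Z"), that the window is inclusive at pwdStartDate and exclusive at pwdEndDate, and that an absent attribute imposes no bound on that side; all timestamps below are constructed.

```python
from datetime import datetime, timezone
from typing import Optional, Tuple

# Assumption: values use LDAP GeneralizedTime in UTC, e.g. "20090922183122Z".
def parse_generalized_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def password_usable(now_gt: str,
                    pwd_start_date: Optional[str] = None,
                    pwd_end_date: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether a password may be used at time `now_gt`.

    Assumed boundaries: usable from pwdStartDate (inclusive) up to
    pwdEndDate (exclusive). A missing attribute leaves that side unbounded.
    pwdStartDate > pwdEndDate describes an empty window, so the credential
    is treated as disabled regardless of the current time (the trick
    suggested in the mail for a generic "disabled" flag).
    """
    now = parse_generalized_time(now_gt)
    start = parse_generalized_time(pwd_start_date) if pwd_start_date else None
    end = parse_generalized_time(pwd_end_date) if pwd_end_date else None

    # Empty window: check this before the per-bound tests so the reason is explicit.
    if start is not None and end is not None and start > end:
        return False, "disabled (pwdStartDate later than pwdEndDate)"
    if start is not None and now < start:
        return False, "not yet valid (before pwdStartDate)"
    if end is not None and now >= end:
        return False, "expired (at or after pwdEndDate)"
    return True, "valid"


if __name__ == "__main__":
    # Constructed sample entries: (description, pwdStartDate, pwdEndDate).
    now = "20090922183122Z"
    samples = [
        ("no bounds", None, None),
        ("starts next month", "20091001000000Z", None),
        ("ended last year", None, "20081231235959Z"),
        ("inside window", "20090101000000Z", "20100101000000Z"),
        ("disabled via inverted window", "20100101000000Z", "20090101000000Z"),
    ]
    for label, s, e in samples:
        ok, why = password_usable(now, s, e)
        print(f"{label:30} -> {'USABLE' if ok else 'REJECTED'}: {why}")
```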
-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.
