directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject [ApacheDS] changes to Authenticator interface for password policy
Date Wed, 30 Jun 2010 14:16:19 GMT
hello guys,

  Its been a while since I started working on implementing password policy[1].

  Here are a few things I wanted to let you know about the implementation

   1. The PasswordPolicyInterceptor cannot be used to enforce this
policy cause we need access to the
       userpassword and other special attributes before the
authentication process starts, so am removing this
       interceptor

   2. Am planning to make some changes to the Authenticator interface
to inject the password policy configuration
       so that the authenticator can have access to this config which
needs to be used to determine whether a
       user can be authenticated based on the policy state information
present in the user's entry.

  The second step will change the API and I think this is the right
time to change before 2.0-RC1

   let me know your thoughts about the above mentioned and as well as
about password policy implementation
   (like if you think a feature xyz is good to have)

thanks for your time

Kiran Ayyagari

[1] http://tools.ietf.org/html/draft-behera-ldap-password-policy-10

Mime
View raw message