On Wed, Jun 30, 2010 at 4:16 PM, Kiran Ayyagari <email@example.com>
Its been a while since I started working on implementing password policy.
Here are a few things I wanted to let you know about the implementation
1. The PasswordPolicyInterceptor cannot be used to enforce this
policy cause we need access to the
userpassword and other special attributes before the
authentication process starts, so am removing this
You can access those elements in the intereceptor : the modified entry is already loaded when the interceptor is processed (we do a load of all the modified entry fields before going through the chain).
I'm not sure that removing the interceptor is necessary at this point.
2. Am planning to make some changes to the Authenticator interface
to inject the password policy configuration
so that the authenticator can have access to this config which
needs to be used to determine whether a
user can be authenticated based on the policy state information
present in the user's entry.
The authentication is not impacted by the passwordPolicy AFAICT.
PP is a matter of controlling that the password respect some conditions when added or modified (it's controlled for the Add and Modify operation only). Otherwise, the PP is transparent.