directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Extending Authentication for Bind
Date Thu, 21 Feb 2013 17:54:16 GMT
On Thu, Feb 21, 2013 at 11:10 PM, Emmanuel Lécharny <elecharny@gmail.com>wrote:

> Le 2/21/13 5:25 PM, Kiran Ayyagari a écrit :
> > don't think we have such a support right now do we? is that looping of
> > authenticators makes this a possibility?
>
> I see that the Authenticator interface provide a checkPwdPolicy() method :
>
>     /**
>      *  performs checks on the given entry based on the specified
> password policy configuration
>      *
>      * @param userEntry the user entry to be checked for authentication
>      * @throws PasswordPolicyException
>      */
>     void checkPwdPolicy( Entry userEntry ) throws LdapException;
>
> Why can't we do all the passwordPolicy checks in the authenticator,
> instead of the interceptor ?
>
> The only pb is that we need the user entry at this point, but couldn't
> we pass the BindContext, so for the checkPwdPolicy() to fetch the entry
> from the DS instead ?
>
> Does it make sense ?
>
> password policy is enforced not only during authentication but also after
authentication and while doing modify operation

>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>


-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message