RE: Password Mgmt
From: Darren Moffat (Darren.Moffat@Sun.COM)Date: 06/13/02
- Previous message: Ferry Kemps: "Re: SUN VPN for 10.x.x.x Network"
- Maybe in reply to: DeBerry, Casey: "Password Mgmt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jun 2002 15:47:16 -0700 (PDT) From: Darren Moffat <Darren.Moffat@Sun.COM> To: focus-sun@securityfocus.com, VIvanov@tee.toshiba.de
>> Attached is a document that desribes what each of the fields
>> in shadow(4)
>> provide in terms of policy.
>
>it is mentioned, that such fucntionality could be provided via NIS+ or local
shadow file.
>so, it seems to me, this is not possibkle via NIS (as there are no
appropriate fields in passwd table),
>but what is about LDAP?
Correct NIS has no shadow table so it can't do it. In theory you could
do this two different ways with LDAP and it depends on which style of
authentication you are doing.
If you are doing unix authentication (using pam_unix*) then LDAP provides
the same nameservice functionality as NIS in this area.
If you are doing LDAP authentication (using pam_ldap) then the server
that statisfies the LDAP simple bind can do password aging. It is possible
that the policy for this would be held in the users directory entry.
Note that this does not reflect the functionality of any currently
shipping Sun product.
-- Darren J Moffat
- Previous message: Ferry Kemps: "Re: SUN VPN for 10.x.x.x Network"
- Maybe in reply to: DeBerry, Casey: "Password Mgmt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
