Howard Chu wrote:
> Dan White wrote:
>
>> On 22/10/09 21:36 -0200, Sandro Venezuela wrote:
>>
>>> Hi,
>>>
>>> I have an e-mail server with Cyrus + SASL + LDAP and would like to
>>> prohibit access to mailbox of the User when it is with the expired
>>> password. How can I do that?
>>>
>> Sandro,
>>
>> Cyrus SASL doesn't have a concept of password expiry. What mechanism is
>> controlling when your passwords expire? OpenLDAP ppolicy? or system
>> expiration (PAM)?
>>
> This isn't quite correct. Cyrus SASL in fact defines a SASL_EXPIRED error
> code. However, the only Cyrus mech that currently uses this code is the OTP
> mech.
>
> Unfortunately the Cyrus SASL auxprop mechanism doesn't define any method for
> auxprop plugins to return this type of status information. Looking at the
> code, it's not really obvious where such a status should be exposed. It would
> certainly be nice to patch this in though.
>

So for all practical intents and purposes, Sandro is correct. Anything else is an exercise in hair splitting. If a defined mechanism has no way in which to be used, it might as well not be there, although I can see where the functionality may be planned and "on the way" but not finished yet.

--
Paul