Ersin Er wrote:
Enrique Rodriguez wrote:
Ersin Er wrote:
...
So the Change Password Protocol provider is currently able to do this
generation/conversion but the Core and LDAP Protocol Provider are not
aware of this, right?
Correct. Change Password protocol provider can also enforce password
policy (minimum length, character mix, etc.) which at some point should
be enforced globally.
...
OK, so we'll have Triggers for modification type operations for the
ou=Users based subtree. Is it reasonable to do this with an AFTER
Trigger so that the Kerberos related attributes will be updated just
after the entry has been added/modified? Because I'm not sure whether
we'll support modification of request parameters inside triggered stored
procedures.
I think this makes sense.
...
By using triggers we can address this need server-side, and not
require any custom client side logic to derive keys from passwords.
This will make the use of Apache Directory with Kerberos much easier.
More hints are welcome ;-) We may also have an IRC session on
implementing this. I'll finish the preliminary version of triggers for
playing with in a few days.
I am really looking forward to this. This is going to make working with
Kerberos way more user-friendly.
Enrique
