On Wed, Jun 30, 2010 at 4:16 PM, Kiran Ayyagari <[email protected]>wrote:
> hello guys, > > Its been a while since I started working on implementing password > policy[1]. > > Here are a few things I wanted to let you know about the implementation > > 1. The PasswordPolicyInterceptor cannot be used to enforce this > policy cause we need access to the > userpassword and other special attributes before the > authentication process starts, so am removing this > interceptor > You can access those elements in the intereceptor : the modified entry is already loaded when the interceptor is processed (we do a load of all the modified entry fields before going through the chain). I'm not sure that removing the interceptor is necessary at this point. > > 2. Am planning to make some changes to the Authenticator interface > to inject the password policy configuration > so that the authenticator can have access to this config which > needs to be used to determine whether a > user can be authenticated based on the policy state information > present in the user's entry. > The authentication is not impacted by the passwordPolicy AFAICT. PP is a matter of controlling that the password respect some conditions when added or modified (it's controlled for the Add and Modify operation only). Otherwise, the PP is transparent. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
