Re: Control of expired passwords with SASL + LDAP


 



Howard Chu wrote:
Dan White wrote:
  
On 22/10/09 21:36 -0200, Sandro Venezuela wrote:
    
Hi,

I have an e-mail server with Cyrus + SASL + LDAP and would like to
prohibit access to a user's mailbox when the user's password has
expired. How can I do that?
      
Sandro,

Cyrus SASL doesn't have a concept of password expiry. What mechanism is
controlling when your passwords expire? OpenLDAP ppolicy? or system
expiration (PAM)?

    
This isn't quite correct. Cyrus SASL in fact defines a SASL_EXPIRED error
code. However, the only Cyrus mech that currently uses this code is the OTP mech.

Unfortunately the Cyrus SASL auxprop mechanism doesn't define any method for
auxprop plugins to return this type of status information. Looking at the
code, it's not really obvious where such a status should be exposed. It would
certainly be nice to patch this in though.

  

So for all practical intents and purposes, Sandro is correct. Anything else is an exercise in hair splitting. If a defined mechanism has no way in which to be used, it might as well not be there, although I can see where the functionality may be planned and "on the way" but not finished yet.


-- 


Paul
