Control of expired passwords with SASL + LDAP
Dan White
dwhite at olp.net
Fri Oct 23 09:40:52 EDT 2009
Sandro,
ppolicy is documented in the slapo-ppolicy man page (from OpenLDAP). It may
not be a good fit if you're trying to enforce a password policy onto a
cyrus imap server.
You could use saslauthd with its PAM backend to enforce your password
policy, assuming you're only using PLAIN/LOGIN mechanisms.
How does LDAP fit into your overall picture?
On 23/10/09 11:10 -0200, Sandro Venezuela wrote:
>Thanks Dan for your reply.
>
>Today, expired passwords are controlled by PAM on the workstations and how
>do I use openSUSE Linux that is easy to implement.
>
>But the server I'm using only SASL+LDAP and wanted something similar
>to PAM, but I'll be searching ont the Internet the use of ppolicy to
>solve my problem.
>
>Do you have any documentation to show about ppolicy?
>
>Dan White escreveu:
>> On 22/10/09 21:36 -0200, Sandro Venezuela wrote:
>>> Hi,
>>>
>>> I have a e-mail server with Cyrus + SASL + LDAP and would like to
>>> prohibit access to mailbox of the User when it is with the expired
>>> password. How can I do that?
>>
>> Sandro,
>>
>> Cyrus SASL doesn't have a concept of password expiry. What mechanism is
>> controlling when your passwords expire? OpenLDAP ppolicy? or system
>> expiration (PAM)?
--
Dan White
More information about the Cyrus-sasl
mailing list