[30377] in Kerberos


password policy to enforce different passwords for different

daemon@ATHENA.MIT.EDU (Tim Olsen)
Tue Oct 21 11:55:56 2008

Date: Tue, 21 Oct 2008 11:30:41 -0400
From: Tim Olsen <tolsen@limelabs.com>
Message-ID: <QbWdnUUdqOI8aGDVnZ2dnUVZ_vadnZ2d@speakeasy.net>
To: kerberos@mit.edu

At my company, we've set up IMAP and SMTP services to fall back to PLAIN
authentication using a different instance of the principal (over SSL, of
course).  This way, users can use clients (such as the iPhone) that do
not support Kerberos, but the Kerberos password for their default
instance (which may grant them SSH access to certain machines) is not
cached on their client.  We are also considering doing something similar
for HTTP authentication (Negotiate falling back to Basic).

Is there any way to set up a password policy that would enforce that
different instances of a principal have different passwords?

Thanks,
Tim
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
