* Donald Fraser (postgres@kiwi-fraser.net) wrote:
> > On Wed, Dec 21, 2005 at 04:35:00PM -0000, Donald Fraser wrote:
> > > Our module controls things like:
> > > 1) how long before a user must change their password (daily, weekly,
> > > monthly etc)
> > > 2) password rotation - for example a user cannot use the same password
> > > within the last three changes
> > > 3) Password semantics: length of password, dictionary word checks and so
> > > on...
> > > 4) Restricting a users rights until they have changed their password
> > > (they cannot use the system until they change the password set by
> > > the administrator)
>
> From: "Jim C. Nasby"
> > Can you release any of that code under a BSD license? Some of those
> > should arguably be built-in. If nothing else, it would be good reference
> > code for others. Though, you can set a 'valid until' limit on roles
> > right now, but I suppose that's not exactly the same as what you have.
I definitely agree that it'd be nice to have some of these built in. On
the other hand, PAM can do much of this but that requires appropriate
access to the various system files. SASL is another thought but I'm not
sure if it can do even most of that (without having it using PAM
underneath which I understand is rather ugly).
I'd really like to get rid of the rather hackish PAM solution I've got
right now and so I wouldn't mind spending time looking into implementing
some of these things as built-ins. The part that makes me nervous about
that is if it would require protocol changes and/or additional library
dependencies that some might not care for.
Thanks,
Stephen