Hi, Thank you for reply :)
I will continue with my evaluation. Thanks Carlo On Sun, May 3, 2009 at 4:57 AM, Stefan Zoerner <[email protected]> wrote: > Hi Carlo, > > Carlo Camerino wrote: > >> I just want to know if Apache Directory server can do the following. >> >> 1.) Can it force the users to change password? (Expire password after a >> specific time period) >> 2.) Can I make a list of commonly used passwords that users shouldn't use? >> > > The functionality w.r.t. password polices is not that impressive yet. There > is a Password Policy Interceptor, which has to be enabled. It deals with > minimal password complexity etc. defaults (if enabled) to this: > > * The password is at least six characters long. > * The password contains a mix of characters. > * The password does not contain three letter (or more) tokens from the > user's account name. > > It would be quite easy to extend it to forbid certain password values. But > you have to extend the corresponding class and modify the configuration in > server.xml to accomplish that. > > This helps at least for question 2 (hopefully). > > Greetings from Hamburg, > Stefan > > > >
