s.hetze@linux-ag.de wrote:
Renaming the variables is no problem. What would you say extpwc stands for?
EXTernal PassWord Cache?
I can imagine calling the module krb5pwc and heading the README "Kerberos V/Active Directory Password Cache".
Right; but this would limit you to Kerberos V; see my other posting about rather delegating auth to SASL.
Well, that could be a parameter that is provided through the configuration (caching TTL, optional negative caching TTL, and so on). It doesn't need to be stored in the entry, or in a subentry, since dynamic configuration would allow modifying it at run time anyway.
If I understand it correctly, you suggest letting the cached password expire after some configurable time. To achieve this, I would need to keep a timestamp of when the password was cached. Is there any other way than to add an attribute holding this timestamp? ... Actually, I could make this feature depend on the {ad|krb5}pw-cache-mode=any and use the sambaPwdLastSet attribute.
Right; I think a specific operational attribute would be better.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
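The expiry check discussed in this thread, sketched as an added example (not code from the module or from either poster): a cached credential is honoured only while its timestamp attribute is younger than the configured TTL, and a missing or malformed timestamp always forces a fresh check against the backend. All identifiers are hypothetical, and the assumptions are that the timestamp is stored as an LDAP GeneralizedTime string in UTC and that negative caching means remembering a failed check.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical, not taken from the module discussed. */
enum pwc_decision { PWC_USE_CACHE, PWC_ASK_BACKEND, PWC_REJECT_CACHED };

struct pwc_config {
    long ttl;     /* seconds a cached good password is honoured */
    long neg_ttl; /* seconds a cached failure is honoured; 0 disables */
};

/* Days since 1970-01-01 for a Gregorian date (no libc timezone involved). */
static long long days_from_civil(int y, int m, int d) {
    y -= m <= 2;
    long long era = (y >= 0 ? y : y - 399) / 400;
    long long yoe = y - era * 400;
    long long doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse an LDAP GeneralizedTime "YYYYMMDDhhmmssZ"; returns -1 if malformed. */
long long pwc_parse_gentime(const char *s) {
    int Y, M, D, h, m, sec;
    if (s == NULL || strlen(s) != 15 || s[14] != 'Z') return -1;
    for (int i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i])) return -1;
    if (sscanf(s, "%4d%2d%2d%2d%2d%2d", &Y, &M, &D, &h, &m, &sec) != 6)
        return -1;
    if (M < 1 || M > 12 || D < 1 || D > 31 || h > 23 || m > 59 || sec > 60)
        return -1;
    return days_from_civil(Y, M, D) * 86400 + h * 3600 + m * 60 + sec;
}

/* cached_at: timestamp attribute value (NULL if absent); cached_ok: 1 if the
 * entry caches a successful check, 0 if a failure; now: epoch seconds. */
enum pwc_decision pwc_decide(const struct pwc_config *cfg, const char *cached_at,
                             int cached_ok, long long now) {
    long long t = pwc_parse_gentime(cached_at);
    if (t < 0 || t > now)           /* absent, malformed or future-dated: */
        return PWC_ASK_BACKEND;     /* never trust the cache */
    long long age = now - t;
    if (cached_ok)
        return age < cfg->ttl ? PWC_USE_CACHE : PWC_ASK_BACKEND;
    return (cfg->neg_ttl > 0 && age < cfg->neg_ttl) ? PWC_REJECT_CACHED
                                                    : PWC_ASK_BACKEND;
}
```

The TTL bounds how long a password that has been changed or revoked on the Kerberos/AD side keeps being accepted from the cache, so a shorter value trades backend load for a smaller acceptance window.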