On Wed, Feb 23, 2011 at 08:58:33AM +0000, email@example.com wrote:
Possibly we can extend the directive to handle exclusion as well as inclusion, to simplify this case.
Extending this idea slightly, would it be possible to have exclusions based on changes to specific attributes? The particular case I have in mind is where accesslog is used to keep a permanent audit log of changes, and ppolicy is also in use, resulting in one audit entry for every login failure. I have one site where a large proportion of the auditlog entries are login failures...