Re: WG Last Call (third time's the charm?) for SSH core drafts

To: sommerfeld%east.sun.com@localhost
Subject: Re: WG Last Call (third time's the charm?) for SSH core drafts
From: Darren Moffat <Darren.Moffat%eng.sun.com@localhost>
Date: Mon, 4 Feb 2002 15:03:04 -0800 (PST)

>> Actually it might even be better to have it as a MUST since not doing
>> so allows for the potential of a client/server pair that can bypass admin
>> policy and we shouldn't really encourage that.
>
>Well, the password policy should be entirely enforced by the server.
>
>MUST would rule out a "soft password expiration" policy where the
>server could strongly suggest, but not require, a password change, for
>some time interval before the change became mandatory..

I was assuming that case would be dealt with by telling the user their
password was going to expire and letting them do the appropriate thing
for their system; however that might not be suitable in all cases so I
see that MUST is probably too strong.

--
Darren J Moffat

Prev by Date: Re: WG Last Call (third time's the charm?) for SSH core drafts
Next by Date: Re: WG Last Call (third time's the charm?) for SSH core drafts
Previous by Thread: Re: WG Last Call (third time's the charm?) for SSH core drafts
Next by Thread: Re: WG Last Call (third time's the charm?) for SSH core drafts
Indexes:

Home | Main Index | Thread Index | Old Index