[Catalyst] Password policy support for
bgmilne at mandriva.org
Fri Jun 20 10:55:56 BST 2008
In our internal management web app (which has only been feasible due to
Catalyst), we authenticate against our OpenLDAP (2.3) infrastructure.
Due to various security requirements (SAOX etc.), we are required to have
password expiration etc. So, we implemented password policies a while back
using OpenLDAP's slapo-ppolicy overlay
Net::LDAP recently added support for the Password Policy control, so at least
this is now feasible (without hacking Net::LDAP, which is where I got stuck
on the previous attempt).
I think I may be able to provide a patch for Authentication::Store::LDAP,
however, the first problem is that Catalyst::Authentication (like many other
authentication frameworks) assumes the result of an authentication will
always only be a boolean, and thus doesn't make provision for situations such
-The account is locked out (the password may have been correct, but the user
-The password was reset and needs to be changed (so, authenticate them but
allow for a means to send them to a password changing facility)
-The password will expire soon
I wouldn't like to try and propose a solution for Catalyst::Authentication
(yet), but I can try and provide input on any proposed solution.
More information about the Catalyst