Overview#

Password Expiration is concept of the a Password Policy to limit the length of time that a user can continue to use the same password.

Should organization's mandate Password Periodic Changes? #

Mandated Regular Password Changes are a long-standing security practice which has been questioned as if it is effective.

LDAP#

Password Expiration is a LDAP concept of the a server or DSA that can be used to limit the length of time that a user can continue to use the same password.

LDAP#

Some LDAP Server Implementations implement the Password Modify Extended Operation supportedExtension. This can allow as the password expiration time draws near, the user may receive warning messages in the form of supportedControl in the bind Response.

Typically, Once the password has expired, and there are no Grace Logins left, the entry will no longer be allowed to perform Authentication.

Once the user's password has expired, it may be necessary for an administrator to perform a Password Reset before the account may be used. Alternately, if the password policy is configured appropriately, the user may also be able to perform a Password Change for their own expired password using the Password Modify Extended Operation or by using a Password Management Application.

AD Determining Password Expiration#

AD Determining Password Expiration explains how the Password Expiration works in Microsoft Active Directory

draft-behera-ldap-password-policy#

Several LDAP Server Implementations follow the draft-behera-ldap-password-policy as a Password Management Methodologies.

eDirectory Password Expiration#

eDirectory Password Expiration explains how eDirectory determines Password Expiration.

Edirectory Administrative Password Changes#

Edirectory Administrative Password Changes are applied to to a user's password, the password is normally expired. (ie Password Reset)

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-33) was last changed on 21-Feb-2017 09:42 by jim