Re: second userpassword?

[Martin Smith <mfsmith@erols.com>]

I may be completely off, but doesn't the JAAS API include a SUBJECT 
object capable of having multiple PRINCIPAL attributes, which are 
essentially different roles or identities or privilege sets?  This would 
seem to imply there's a strategy for making the appropriate 
role/privilege info available to an app within the container.

martin



Eli Elhadad wrote:

> Hi,
> can't you expand your schema's to use a new derived person (or what ever dn
> you want) with two password attributes:
>
> attributetype ( < custom oid for userPassword > NAME 'myNewUserPassword' SUP
> userPassword )
>
> objectclass ( < custom oid for person > NAME 'myNewPerson' SUP person
> STRUCTURAL
> 	MAY ( myNewUserPassword ) )
>
> of course with oid using you organization oid that you get from www.iana.org
>
> what ever you do don't use fake oid
>
> cheers
> eli
>
> -----Original Message-----
> From: Susanne Benkert [mailto:benkerts@emt.iis.fhg.de]
> Sent: Thursday, March 14, 2002 10:15 AM
> To: Stefan Palme
> Cc: Openldap-Liste
> Subject: Re: second userpassword?
>
>
> Stefan Palme wrote:
>
>
> > I think the userPassword attribute can have
> > multiple values
>
>
> Hi,
>
> I know that userPassword is a "multiple values attribute" but that 
> doesn't really help me, because I have to use different passwords for 
> different services and different levels of security. If I just create a 
> second userpassword always both where checked - as far as I tested it - 
> and if one fits the user is authenticated.
>
> We found out that the objectclass sambaAccount includes two more 
> password-attributes (lmpassword and ntpassword) that can be used for 
> Windows and Linux, so there have to be a way to create own 
> password-attributes(?)
>
> Has anybody already tried something like this? Or are there any other 
> possibilities?
>
> Thank you for every piece of information.
> Susanne