[IPP] Some links for password policies (re: job-password patterns/policies discussion yesterday...)

[IPP] Some links for password policies (re: job-password patterns/policies discussion yesterday...)

[IPP] Some links for password policies (re: job-password patterns/policies discussion yesterday...)

Michael Sweet msweet at apple.com
Wed Feb 4 17:04:18 UTC 2015


All,

Here are some quick links to the MS Active Directory and Apple Open Directory password policy support:

Active Directory supports a bunch of things, but for job-password the two relevant settings are "Passwords must meet complexity requirements" and "Minimum password length"- there is no notion of more complex settings to control the contents of the password string:

    https://technet.microsoft.com/en-us/library/hh994562(v=ws.10).aspx

Open Directory supports limits on the length (min and max), maximum number of repeated characters (i.e., prevent use of "aaaa" as a password) and sequential characters (e.g., "1234"), plus controls for "must contain a letter" and "must contain a number":

    http://support.apple.com/kb/PH9234

Seems like a simple keyword approach may be sufficient, e.g.:

    job-password-policy-configured (type2 keyword)
    job-password-policy-supported (1setOf type2 keyword)

    Informs the Client of the formatting requirements for "job-password" values, includings:

    'digits': The "job-password" value must consist of digits from 0 to 9.

    'alphanumeric': The "job-password" value must consist of US ASCII letters and numbers.

    'alphanumberc-complex': The "job-password" value must consist of US ASCII letters and numbers, with at least one uppercase letter, one lowercase letter, and one digit.

    [For discussion: do we want full ASCII and Unicode printable support, too?]

As for length requirements, right not "job-password-supported" is of type integer(0:255).  Ideally we'd want a rangeOfInteger(0:MAX) value to provide minimum and maximum lengths - not sure how much trouble we'd cause by extending that attribute to "integer(0:MAX) | rangeOfInteger(0:MAX)", but IMHO that would be the ideal outcome.

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair



More information about the ipp mailing list