Project

General

Profile

Feature #40329

Updated by Tatjana Dehler about 1 year ago

As as admin I should be able to set a TTL for the password to expire.
It should be a cluster wide configuration.
p.e.: every user should change his password every 3 months.

Further questions:

* admin password expiry: Should it be possible to set an expiry date for the admin password as well? Or only if there is at least another admin account? If it should not be possible to set expiry date prevent the user from doing so.
* disabled users password expiry: Should it be possible to set/have an expiry date for disabled users?
* 'ac_user_create_cmd' requires timestamp as 'pwd_expiry_date': The function (ac_user_create_cmd) to create a user on the command line requires a timestamp as 'pwd_expiry_date' at the moment. Do we want to keep it or change the behavior here?
* recalculate password expiry date: issue https://tracker.ceph.com/issues/40329 introduces a default expiry span (USER_PWD_DEFAULT_EXPIRY_SPAN) for the user passwords and adds a password expiry date field (pwd_expiry_date) to the User class. If the administrator edits the USER_PWD_DEFAULT_EXPIRY_SPAN variable the password expiry dates need to be re-calculated.
* update password expiry date (which is set manually): If the 'USER_PWD_DEFAULT_EXPIRY_SPAN' is set and the user changes the password, it's easy to update the expiry date to the next date. But what happens if 'USER_PWD_DEFAULT_EXPIRY_SPAN' is not set and the password expiry date was entered manually?

Back