-
-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password expiration #8785
Comments
If you want something like this I suggest you setup LDAP where you already can configure a policy like that. Having said that. Password expiration is a bad idea. Even the NIST agrees on that. If you want people to use strong passwords having them change it periodically is a bad idea. |
Yes, I know about NIST suggestions, but at enterprise and financial organizations it take more time to be up-to-date :) Many more time even :) We have two instances with LDAP setup for our workers, but now there is a need for externals accounts for our business financial clients and they accounts must be out of our AD's. |
@karlitschek @blizzz What is your opinion on stuff like this? IMO this is quite a complex feature pretty soon and should be tackled with tools outside of Nextcloud. |
May be also related to the forced password change: #1262 |
In combination with an API for the forced password change this could be done completely from the outside and doesn't require to have the logic of when it should happen inside Nextcloud itself, which makes a lot of sense to me. |
Yes please. Because else we have to implement this deep in our code base. And we are bound to miss something. I'd rather we are NIST compliant. And all other policies should be handled somewhere else. |
I added it to that ticket and will close this one here in favor of #1262 |
Hello.
It would be nice to have possibility to set local users password expiration after x days.
Usage -- if user wouldn't change password after 30 days the account is locked until the user change his password (AD like).
Need it to pass Security Department requirements.
Regards.
The text was updated successfully, but these errors were encountered: