#311 1.4 (non-regression): No way to force all-password changes through UI

1.5
open
nobody
None
1
2015-06-28
2014-04-10
Chris Travers
No

This is a non-regression but would be very helpful in mitigating future issues such as was recently seen in heartbleed. I think the setup.pl should have a function which allows the sysadmin to force all passwords to expire a certain period of time in the future (default being 7 days).

This is an important, indeed critical, security enhancement and therefore I think needs to be corrected in 1.4. However given the state of the setup.pl in 1.3, I don't see a benefit to backport it.

Discussion

  • Erik Huelsmann
    Erik Huelsmann
    2014-04-27

    • summary: 1.4 (non-regression): No way to force password changes through UI --> 1.4 (non-regression): No way to force all-password changes through UI
     
  • Erik Huelsmann
    Erik Huelsmann
    2014-05-17

    • Priority: 5 --> 1
     
  • Chris Travers
    Chris Travers
    2014-08-24

    • Group: 1.4 --> 1.5
     
  • Erik Huelsmann
    Erik Huelsmann
    2015-06-28

    Ticket moved from /p/ledger-smb/bugs/1107/

    Can't be converted:

    • _version: