Uploaded image for project: 'MidPoint'
  1. MidPoint
  2. MID-5272

minAge security policy setting applies also for administrative password change

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 4.0
    • Fix Version/s: backlog
    • Component/s: None
    • Labels:
      None
    • Environment:

      Security policy with

      <minAge>P1D</minAge>

      is in place

      Description

      1. security policy with

      <minAge>P1D</minAge>

      2. administrator changes the password of an user twice a day
      3. minAge constraint is applied

      I understand WHY, but consider the following user case:

      1. user sets a password and forgets it
      2. user calls helpdesk in order to reset a password
      3. helpdesk (not even Superuser) is NOT able to change the password

      Maybe we should implement this only for self service? Hmm.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              vix Ivan Noris
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: