Mikael Kermorgant
2006-May-17 16:12 UTC
[Fedora-directory-users] force password change from web apps
Hello, I''m testing FDS as authentication backend for some apps like squirrelmail, plone, ... I''d like to use "Password Change after Reset" for newly created users but they should be able to modify this password via squirrelmail or plone. Is it possible to use the "passwordgracelimit" in order to let them connect for the first time ? What parameter could I use from these apps to know I have to force the logged user to change his password ? Is it passwordexpirationtime ? Thanks in advance, -- Mikael Kermorgant
Mikael Kermorgant
2006-May-21 16:03 UTC
[Fedora-directory-users] Re: force password change from web apps
I could formulate my question this way : Which attribute would be best suited to indicate a third application that the user who logs in must change his password ? Does such an attribute exist ? Best regards, -- Mikael Kermorgant
Richard Megginson
2006-May-22 14:34 UTC
Re: [Fedora-directory-users] Re: force password change from web apps
Mikael Kermorgant wrote:> I could formulate my question this way : > > Which attribute would be best suited to indicate a third application > that the user who logs in must change his password ? Does such an > attribute exist ?If the password has expired, you could check for the operational attribute passwordExpirationTime. If your clocks are closely sync''ed, you can determine if passwordExpirationTime > now. If you have enabled "grace" logins (allow the user to bind and change the password after the expiration time), you can check for the presence of the operational attribute passwordGraceUserTime. If you are using a minimum password age, you can check the operational attribute passwordAllowChangeTime to find out when the user is allowed to change the password.> > Best regards,