Closed
Bug 555746
Opened 15 years ago
Closed 15 years ago
Provide Support For Required Password Rotation for Users
Categories
(Bugzilla :: Administration, task)
Bugzilla
Administration
Tracking
()
RESOLVED
DUPLICATE
of bug 284570
People
(Reporter: mcoates, Unassigned)
References
Details
Issue:
Functionality is not present for an admin to define a password rotation policy which would require users to change their password after a defined number of days.
The risk is that a compromised password could be used indefinitely. There is also a minimal risk that an attacker could brute force a password each day subject to the account lockout control.
Recommended Resolution:
Provide support to allow a bugzilla admin to define a password rotation policy for users. In addition, it would be beneficial if the policy could be customized per group - with a user bound by the most stringent rotation policy of all groups they are a member of.
Reporter | ||
Updated•15 years ago
|
Blocks: q2-review-bmo
Comment 1•15 years ago
|
||
See especially bug 284570 comment 3, which is what you are requesting here.
And this is neither a major issue nor a security bug.
Group: bugzilla-security
Severity: major → enhancement
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•