Closed Bug 555746 Opened 15 years ago Closed 15 years ago

Provide Support For Required Password Rotation for Users

Categories

(Bugzilla :: Administration, task)

task
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 284570

People

(Reporter: mcoates, Unassigned)

References

Details

Issue: Functionality is not present for an admin to define a password rotation policy which would require users to change their password after a defined number of days. The risk is that a compromised password could be used indefinitely. There is also a minimal risk that an attacker could brute force a password each day subject to the account lockout control. Recommended Resolution: Provide support to allow a bugzilla admin to define a password rotation policy for users. In addition, it would be beneficial if the policy could be customized per group - with a user bound by the most stringent rotation policy of all groups they are a member of.
See especially bug 284570 comment 3, which is what you are requesting here. And this is neither a major issue nor a security bug.
Group: bugzilla-security
Severity: major → enhancement
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.