Closed
Bug 555746
Opened 14 years ago
Closed 14 years ago
Provide Support For Required Password Rotation for Users
Categories
(Bugzilla :: Administration, task)
Bugzilla
Administration
Tracking
()
RESOLVED
DUPLICATE
of bug 284570
People
(Reporter: mcoates, Unassigned)
References
Details
Issue: Functionality is not present for an admin to define a password rotation policy which would require users to change their password after a defined number of days. The risk is that a compromised password could be used indefinitely. There is also a minimal risk that an attacker could brute force a password each day subject to the account lockout control. Recommended Resolution: Provide support to allow a bugzilla admin to define a password rotation policy for users. In addition, it would be beneficial if the policy could be customized per group - with a user bound by the most stringent rotation policy of all groups they are a member of.
Reporter | ||
Updated•14 years ago
|
Blocks: q2-review-bmo
Comment 1•14 years ago
|
||
See especially bug 284570 comment 3, which is what you are requesting here. And this is neither a major issue nor a security bug.
Group: bugzilla-security
Severity: major → enhancement
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•