Hi Michael, On Tue, Dec 09, 2003 at 03:28:03PM -0500, Michael Gurski wrote:

Is it possible to have OTRS force a password change, either immediately upon an initial login, or after a set period of time?

There are password policies here that I'd like to be able to follow (temporary passwords created when the account's created "must" be changed, passwords expire after N days, etc), but I haven't seen anything in OTRS 1.1.3 that would help enforce this. I suppose that, worst case scenario, I could periodically "reset" the passwords with a cronjob, forcing users to use the "forgot password" functionality, but this seems rather...heavy-handed.

Any ideas or suggestions would be appreciated.

The problem is, that you need to know what the last password update time is, so you can decide if the user needs to change the password or not. Currently there is no timestamp by setting a password. Just an idea if you want to add this feature, the function to set agent passwords is in Kernel/System/User.pm -> SetPassword(). There you could store a timestamp anywhere. On login time you need to check this timestamp also Kernel/System/Auth/DB.pm -> Auth().

Thanks, Mike

-- Michael A. Gurski (opt. [first].)[last]@pobox.com http://www.pobox.com/~[last]

Martin -- ((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg http://www.otrs.de/ :: Manage your communication!