• Leigh B. Stoller's avatar
    More inventive ways to avoid real work; add password expiration · 3e2bb386
    Leigh B. Stoller authored
    capability. New DB field in the users table (pswd_expires) which is a
    date field that initially gets set to one year after the user account
    is created. When the password is changed via the web form, it gets
    bumped 1 more year into the future *unless* the current uid is
    different from the target_uid (ie: you are changing a password for
    someone else). In that case, the expiration is set to the current
    date, which forces the target user to change his password next time he
    logs in. I've changed the menu/auth code to look for password
    expiration, and when expired the menu options contain just a single
    option to change the password. All other https pages will fail with a
    password expired message. Normal text pages will work of course.