As soon I enable http://drupal.org/project/password_policy module, and force password change for a role, all users in that role will go into a password change loop, even if we change password it will be in loop.

if I disable password_policy module then force password change will work correctly.!.

the reason for enabling http://drupal.org/project/password_policy is to force user to choose strong user password.

any idea why this is happening..?

Comments

cmstom’s picture

cmstom
Location Northern California
commented

I was using the distro Open Public, which comes with Password Policy. I was having the issue:

User would log in and be stuck at the User Edit page. I noticed that the box was checked "Force password change on next login"

I logged in as user 1 and disabled that and then tried to login with the problem account. I was still stuck.

This is what I did to resolve the issue:

  1. Logged in as User 1
  2. Administration > Configuration > People > Password Policies > Force Password change
  3. Selected the roles that were affected.
  4. Logged in as the problematic user, reset the password.
  5. Works fine now.
afreeman’s picture

afreeman commented

Password Policy also implements 100% of Force Password Change's feature set, so you may have had nearly identical code in two modules duking it out for supremacy. If you already have Password Policy installed there is no need for Force Password Change as well.

madhusudan’s picture

madhusudan commented

@ afreeman ,

there is a difference for force password in both modules.

1) "password policy" module just requests a user to change password (it doesn't forces user), so user can ignore the password change by navigating into other pages!.

2)"force password change" module forces users to change their password, and will not allow to view other pages until they change their password.

and i feel the second option is better. (we cant take any chances!).

rogeriodec’s picture

rogeriodec commented

Same here....

roball’s picture

roball commented
Category: bug » support

The safest solution would be to disable the "Password policy" (password_policy) module, as I did.

When password_policy is disabled, force_password_change (this module) does not have the issue reported here, so it can be declared to simply be incompatible with it. Thus changing the Issue Category from "bug report" to "support request".

ipwa’s picture

ipwa commented

Does this still happen in 7.x?

xurizaemon’s picture

xurizaemon
he/him
Location Ōtepoti, Aotearoa 🏝
commented

Duplicate of #1166106: Forced password change prompts an infinite loop of new password changes perhaps?

jaypan’s picture

jaypan
Location Victoria, BC
commented
Issue summary: View changes
Status: Active » Closed (outdated)