Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Recently, we have several clients that have been locked out of their sites due to the overly aggressive password policy configured by wetkit. If the user does not login for a while their account status is set to 0 and they can no longer login. Unfortunately, the policy also includes uid = 1 (admin) so in this situation the only way to get back into the system to to change it in the database. Minimally, admin should not be included in the policy settings so there is at least one account that is not affected. Thank-you!
Comments
Comment #2
natew CreditAttribution: natew commentedPlease suggest new settings in the form of patch for review?
Comment #3
joel_osc CreditAttribution: joel_osc at OpenPlus commentedActually, I think the team there needs to have a look at the new TBS guidelines on passwords and sync them up with the entire password policy config. There are some major changes now.
Comment #4
joel_osc CreditAttribution: joel_osc at OpenPlus commentedAlso, since these configs reside inside of wetkit features I don't believe the onus is me to provide a patch. If it were in code then sure a patch would be helpful.