Recently, we have had several clients locked out of their sites due to the overly aggressive password policy configured by wetkit. If the user does not log in for a while, their account status is set to 0 and they can no longer log in. Unfortunately, the policy also includes uid = 1 (admin), so in this situation the only way to get back into the system is to change it in the database. Minimally, admin should not be included in the policy settings so there is at least one account that is not affected. Thank you!

Comments

joel_osc created an issue. See original summary.

natew commented:

Priority: Major » Normal
Status: Active » Postponed (maintainer needs more info)

Please suggest new settings in the form of a patch for review?

joel_osc commented:

Status: Postponed (maintainer needs more info) » Active

Actually, I think the team there needs to have a look at the new TBS guidelines on passwords and sync them up with the entire password policy config. There are some major changes now.

joel_osc commented:

Also, since these configs reside inside of wetkit features, I don't believe the onus is on me to provide a patch. If it were in code then sure, a patch would be helpful.