On Mon, 20 Feb 2012 20:08:53 +0100 Juergen Weigert <jw@suse.de> wrote:
We could make passwords expire after say 2 years. Then those definitions become much easier, I'd say.
That is simple solution that everyone is looking for. Forced password change will improve security and give additional benefit to know who did not touch openSUSE infrastructure for a certain period. Not ideal, but any better will ask for far more resources then one time process design and few scripts to automate it. Period of password validity should follow security guidelines, not arbitrary numbers to accommodate activity tracking. Once password expired admin should receive email that is easy to parse and use to start countdown of grace for accounts that belong to members. During grace period request for a new password will reset counter. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org