<p dir="ltr">+1 Password policy shouldn't be hard as it's already using a similar approach, expect it's hard coded.</p>
<div class="gmail_quote">On 18 Mar 2016 2:14 p.m., "Marek Posolda" <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>On 18/03/16 12:58, Stian Thorgersen
wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">Seems like a strange requirement. I can see why you
would want users to update the password frequently, not the
other way around. Or is there something I'm missing?</p>
<p dir="ltr">Password policy will be made an spi in the future.
That will make it easy to do, but it's not going to be done for
a little while.</p>
</blockquote>
Maybe we can do Password policy SPI in 2.X together with validation
SPI? Looks to me like quite related things.<br>
<br>
Marek<br>
<br>
<blockquote type="cite">
<div class="gmail_quote">On 18 Mar 2016 10:10, "Marek Posolda"
<<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Btv. Kevin you are using LDAP/MSAD right? If you have
writable LDAP, then for the LDAP users, you can create
custom LDAP Mapper implementation, which will implement
"proxy" method and override "updateCredential" method of
the proxy user object. Here you can <br>
implement this functionality by yourself (MSAD has
pwdLastSet attribute with the time when password was
updated for last time)<br>
<br>
Marek<br>
<br>
On 18/03/16 10:04, Marek Posolda wrote:<br>
</div>
<blockquote type="cite">
<div>Hi,<br>
<br>
this is not available right now. It can be achieved with
password policy, but we don't have such a password
policy right now. We can either:<br>
- Add the password policy to have this available in
Keycloak OOTB<br>
- Make PasswordPolicy pluggable SPI, so you can add your
custom password policy for the functionality like this.<br>
<br>
Feel free to create JIRA for this.<br>
<br>
Marek<br>
<br>
On 16/03/16 15:02, Kevin Thorpe wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">A standard practice for login systems is
to stop users changing their passwords too often.
Keycloak does not support this as of 1.7.0. Is there a
possibility of adding a timeout to stop too frequent
password changes?
<div><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>
<div style="color:rgb(0,0,0);font-size:12.8px">
<div><font face="verdana,
sans-serif"><b>Kevin Thorpe</b></font></div>
<div>VP Enterprise Platform</div>
<div><img src="http://i.imgur.com/8UeC1YO.png" height="96" width="96"><br>
</div>
<div><a href="http://www.p-i.net" target="_blank">www.p-i.net</a> | <a href="https://twitter.com/@PI_150" style="color:rgb(17,85,204);line-height:18.6311px" target="_blank">@PI_150</a></div>
<br>
<b>T: <a href="tel:%2B44%20%280%2920%203005%206750" value="+442030056750" style="color:rgb(17,85,204)" target="_blank">+44 (0)20 3005
6750</a> | F: <a href="tel:%2B44%280%2920%207730%202635" value="+442077302635" style="color:rgb(17,85,204)" target="_blank">+44(0)20 7730
2635</a> | T: <a href="tel:%2B44%20%280%29808%20204%200344" value="+448082040344" style="color:rgb(17,85,204)" target="_blank">+44 (0)808 204
0344</a> </b><br>
<b><font color="#515151">150
Buckingham Palace Road, London,
SW1W 9TR, UK</font></b><font face="Times New Roman"> </font><br>
<br>
<div><a><img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png" height="40px"></a></div>
</div>
<div><br>
<b><span style="color:rgb(106,168,79)">SAVE
PAPER - THINK BEFORE YOU PRINT!</span></b>
<p><font size="1">____________________________________________________________________</font></p>
<p style="color:rgb(34,34,34)"><font size="1">This email and any
files transmitted with it are
confidential and intended solely
for the use of the individual or
entity to whom they are
addressed. If you have received
this email in error please
notify the system manager. This
message contains confidential
information and is intended only
for the individual named. If you
are not the named addressee you
should not disseminate,
distribute or copy this e-mail.
Please notify the sender
immediately by e-mail if you
have received this e-mail by
mistake and delete this e-mail
from your system. If you are not
the intended recipient you are
notified that disclosing,
copying, distributing or taking
any action in reliance on the
contents of this information is
strictly prohibited.</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</blockquote></div>