<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 18/03/16 12:58, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAe2ERL9x7h9Yi_RqfNkLwf886uPBxskLmJByMZEKGP5Vg@mail.gmail.com"
type="cite">
<p dir="ltr">Seems like a strange requirement. I can see why you
would want users to update the password frequently, not the
other way around. Or is there something I'm missing?</p>
<p dir="ltr">Password policy will be made an spi in the future.
That will make it easy to do, but it's not going to be done for
a little while.</p>
</blockquote>
Maybe we can do Password policy SPI in 2.X together with validation
SPI? Looks to me like quite related things.<br>
<br>
Marek<br>
<br>
<blockquote
cite="mid:CAJgngAe2ERL9x7h9Yi_RqfNkLwf886uPBxskLmJByMZEKGP5Vg@mail.gmail.com"
type="cite">
<div class="gmail_quote">On 18 Mar 2016 10:10, "Marek Posolda"
<<a moz-do-not-send="true" href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Btv. Kevin you are using LDAP/MSAD right? If you have
writable LDAP, then for the LDAP users, you can create
custom LDAP Mapper implementation, which will implement
"proxy" method and override "updateCredential" method of
the proxy user object. Here you can <br>
implement this functionality by yourself (MSAD has
pwdLastSet attribute with the time when password was
updated for last time)<br>
<br>
Marek<br>
<br>
On 18/03/16 10:04, Marek Posolda wrote:<br>
</div>
<blockquote type="cite">
<div>Hi,<br>
<br>
this is not available right now. It can be achieved with
password policy, but we don't have such a password
policy right now. We can either:<br>
- Add the password policy to have this available in
Keycloak OOTB<br>
- Make PasswordPolicy pluggable SPI, so you can add your
custom password policy for the functionality like this.<br>
<br>
Feel free to create JIRA for this.<br>
<br>
Marek<br>
<br>
On 16/03/16 15:02, Kevin Thorpe wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">A standard practice for login systems is
to stop users changing their passwords too often.
Keycloak does not support this as of 1.7.0. Is there a
possibility of adding a timeout to stop too frequent
password changes?
<div><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>
<div
style="color:rgb(0,0,0);font-size:12.8px">
<div><font face="verdana,
sans-serif"><b>Kevin Thorpe</b></font></div>
<div style="font-family:'Times New
Roman'">VP Enterprise Platform</div>
<div style="font-family:'Times New
Roman'"><img
moz-do-not-send="true"
src="http://i.imgur.com/8UeC1YO.png"
height="96" width="96"><br>
</div>
<div style="font-family:'Times New
Roman'"><a moz-do-not-send="true"
href="http://www.p-i.net"
target="_blank">www.p-i.net</a> | <a
moz-do-not-send="true"
href="https://twitter.com/@PI_150"
style="color:rgb(17,85,204);line-height:18.6311px" target="_blank">@PI_150</a></div>
<br>
<b style="font-family:'Times New
Roman'">T: <a
moz-do-not-send="true"
href="tel:%2B44%20%280%2920%203005%206750"
value="+442030056750"
style="color:rgb(17,85,204)"
target="_blank">+44 (0)20 3005
6750</a> | F: <a
moz-do-not-send="true"
href="tel:%2B44%280%2920%207730%202635"
value="+442077302635"
style="color:rgb(17,85,204)"
target="_blank">+44(0)20 7730
2635</a> | T: <a
moz-do-not-send="true"
href="tel:%2B44%20%280%29808%20204%200344"
value="+448082040344"
style="color:rgb(17,85,204)"
target="_blank">+44 (0)808 204
0344</a> </b><br>
<b style="font-family:'Times New
Roman'"><font color="#515151">150
Buckingham Palace Road, London,
SW1W 9TR, UK</font></b><font
face="Times New Roman"> </font><br>
<br>
<div style="font-family:'Times New
Roman'"><a moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png"
height="40px"></a> <a
moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png"
height="40px"></a> <a
moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png"
height="40px"></a> <a
moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png"
height="40px"></a></div>
</div>
<div><br>
<b><span
style="color:rgb(106,168,79)">SAVE
PAPER - THINK BEFORE YOU PRINT!</span></b>
<p><font size="1">____________________________________________________________________</font></p>
<p style="color:rgb(34,34,34)"><font
size="1">This email and any
files transmitted with it are
confidential and intended solely
for the use of the individual or
entity to whom they are
addressed. If you have received
this email in error please
notify the system manager. This
message contains confidential
information and is intended only
for the individual named. If you
are not the named addressee you
should not disseminate,
distribute or copy this e-mail.
Please notify the sender
immediately by e-mail if you
have received this e-mail by
mistake and delete this e-mail
from your system. If you are not
the intended recipient you are
notified that disclosing,
copying, distributing or taking
any action in reliance on the
contents of this information is
strictly prohibited.</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>