I want to expire a user's password

I want to expire password of locally created user.
Is it possible?

There is no procedure or app i am aware of.

Would be glad if someone would build this into the Passwordpolicy App.

There is already a featurerequest on github, and i felt free to push that, however, there has not been changes for at least 4 month.

For that matter i will flag the post, and see if we can get an official statement about that, or if somebody would dedicate a little time to this.

@

Well flagging didnt work, i wrote as much as allowed and got an http error 500 on sending :roll_eyes:

However there is a similar Post: How to configure a user account password expire?

But no reply back then in May so i just flog @jospoortvliet in here in the hope he can help or point us to the people to talk to about this.

Thank you!
I expect great developers.

There’s no password expiration. First, because every decent security expert will tell you that password expiration is stupid and makes things less secure. Second, because nobody has volunteered to make that feature and we strongly recommend our customers NOT to do it so we sure won’t write it :wink:

Of course, if you use LDAP or something you can set it there. Again, though, DON’T DO IT, IT IS INSECURE.

1 Like

Thanks for your Input. Will look into this in depth, and will up my knowledge there. I was completley unaware of this like many other admins too.

My pleasure :wink:

Security is hard, that much is certain. And Bruce Schneider is worth following :wink:

Although I would agree forcing a password reset based on time does not help, forcing a expiration of a password so it must be changed at next login is useful, but it seems that two seemed to be intertwined in most implementations. If you want to ensure all passwords that are used are strong passwords giving a new user a simple password to start which is forcibly changed then allows you to save all your passwords safely in nextcloud in a password database without needing an already established account / email to reset it. With that said is there any way of adding the ability to force the user to change the password upon login ?

Perhaps you can set the user password to:

thisisaverystupidpasswordandpleasechangeit

and then send him/er an email with the password :wink:

You can use this command to change the password.
I think it works also for namal users.