Sent from my iPhone
> On Sep 11, 2015, at 9:48 AM, Liam Hoekenga <li...@umich.edu> wrote: > > I think I get the desired behavior if the expiry factor script exits with > return code 2 (COSIGN_CGI_PASSWORD_EXPIRED) when the account is expired, > instead of issuing the factor. That will work as long as you're invoking it as a factor, and not a userfactor. The latter doesn't have any checks around the return code (which is probably a bug). > > What would you think about an additional argument to "factor" that would > require the factor be evaluated every time? Maybe invoking the reauth > mechanism? Maybe. In general I'm loathe to extend the interface without cleaning up what's already there. And if what's already there is sufficient, even more so. ------------------------------------------------------------------------------ _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss