Hi all, I'm working with TG1 and the standard identity framework and I want to implement password expiration, i.e that users have to change their password after a certain time period or it becomes invalid.
Has anybody ever done this? Of course I would have to augment the identity model so the User object has a "password_changed" date field (which could be None for infinite password validity) and either a global setting for the expiration period or another field on the User object for a per-user expiration time. Then, I guess, I would have to set up my own Identity provider, which checks these values, and, if the password is expired, redirects to a form, where the user can change his password. But how would I authenticate the user for this form without giving him access to the rest of the application? Any suggestions, code snippets, etc. welcome. Chris --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
