Re: [ledgersmb-users] Configuring the Security Settings (v 1.5.9)

David,

Thanks for the info!

Michael

On 08/30/2017 06:24 PM, David G wrote:
> Hi Michael,
> 
> The below answers for (Password Duration) and (Session Lockout) are off
> the top of my head.
> I'll double check later today and update if needed.
> 
> On 31/08/17 05:30, Michael Chinn wrote:
>> Greetings,
>>
>> I'm configuring a new 1.5.9 install.  I tried to look for the answer in
>> the LedgerSMB manual but the manual from the website is for v1.3x... So.
> While that manual is for 1.3, it is "generally" correct.
> We are aware it needs to be updated but developer time has been focused
> on improving the stability of the software and fixing bugs.
> We could really do with some help getting the documentation updated.
> Ideally updating the documentation is best done by a user as us
> developers often overlook information the users want to see.
>> Under "Security Settings"
>>
>> Password Duration: Is this days? minutes? seconds?  What is the default?
> Password Duration should be in days.
> And on initial user creation this is set very short (1 day from
> memory). However, once the user changes their password, the default is
> 365 days I believe.
>> Suggestion #1:
>>  Whatever the duration period is, place it next to the description along
>> with the default value. Like so:
>>  Password Duration, in Days (Default=2 days):
> Agreed, the duration should be shown in the UI.
> Also, the currently set value should be displayed, even if it is the
> default. (at the moment we only display a modified value)
>>
>>  Session Lockout (Session Timeout): Is this minutes? seconds?  What is the default?
> This value is in minutes, and I can't remember what the default is. An
> hour or two most likely.
>> Suggestion #2:
>> Whatever the duration period is, place it next to the description along
>> with the default value. Like so:
>> Session Lockout, in Minutes (Default=10 minutes):
> Yep, once again, the units should be displayed, as should the "current"
> value, even if it's the default.
>>
>> Suggestion #3 (for next release):
>>
>> Enable the Sys Admin to disable the Password Duration altogether.  So
>> setting the Password Duration to "0" means that user passwords do not
>> expire.
> The normal way to handle that is set an arbitrarily long Password Duration.
> e.g. 9999 (gives 27.4 years)
>>
>> You could just replace the "hard" password expiration with just a
>> 180-day nag like this:
>>
>> Your password is over 180 days old.  Please consider replacing the
>> current password with a newer one.
>>
>> And, include a link/button that says:  "Disregard".  Which will stop the
>> nag for another 180 days.
> While being able to simply nag may be OK for single user sites, it's
> extremely undesirable for multiuser and Web Facing sites.
> That said, Erik may have some ideas about making this more configurable.
> 
> 
> I'll arrange to get units added, and the default values displayed for
> the next release.
> I've created issue #3109
> <https://github.com/ledgersmb/LedgerSMB/issues/3109> to track that
> 
> Thanks for the reports
> 
> Regards
> David G
>>
>>
>> Thanks!
>>
>> Regards,
>> Michael
>>
>>
>>
> 
> 
> 
> _______________________________________________
> users mailing list
> ..hidden..
> https://lists.ledgersmb.org/mailman/listinfo/users
> 

-- 
======================
Michael Chinn
..hidden..

    ~ ~~ ~ 	~ o:)^))>~<		   <;)^)))>~<
  ~  ~ ~~  ~		<:)^)))>~<   <;)^)>~<
 ~~   ~~~  ~ ~	 ~  o:)^)))>-<        <;)^))>~<  	
   ~   ~~ ~~ ~~   ~  o;)^))>-<               <:)^))>~<  	
      ~~ ~     ~o:)^))>~<  		
