Details
-
Sub-Task
-
Status: Resolved
-
Major
-
Resolution: Done
-
1.7.10
-
All databases
Description
*** Part of the security enhancements update ***
The mandatory password change feature requires users to change passwords after a specified interval of time. The i2b2 Administrator controls the number of days allowed before a password must be changed. Two new parameters, 1 global and 1 user, will store the relevant information for passwords to expire.
Summary of Password Expiration Process
1. New global parameter is entered (via i2b2 Admin module).
2. Password expiration feature is turned on.
3. Passwords for ALL users are now expired.
4. User attempts to sign into i2b2 Web Client; prompted to change password.
5. User enters a new password & successfully signs into the i2b2 Web Client.
6. Using the value in the global parameter, the system calculates the next expiration date for the user and adds the user parameter with that date to the correct table.
NEW PARAMETERS
Two new parameters were created as part of the Mandatory password change feature. Both parameters are called PM_EXPIRED_PASSWORD however one is set within PM_GLOBAL_PARAMS and the other within PM_USER_PARAMS. Each parameter has a different function in the password expiration process and is further defined below.
GLOBAL Parameter
What it does:
• Turns the feature on.
• Defines the password change interval.
• Passwords will never expire if this parameter is not added as a global parameter.
Table: PM_GLOBAL_PARAMS
Parameter Name = PM_EXPIRED_PASSWORD
Parameter Value = [number of days the passwords will expire (change interval)]
Parameter Data Type = Text
USER Parameter
What it does:
• Date user’s password will expire
• Parameter is added automatically 1st time password is changed after it expires.
• Passwords will never expire without this setup as a global parameter in the PM_GLOBAL_PARAMS table.
Table: PM_USER_PARAMS
Parameter Name = PM_EXPIRED_PASSWORD
Parameter Value = [date password will expire]
Parameter Data Type = Text
The mandatory password change feature requires users to change passwords after a specified interval of time. The i2b2 Administrator controls the number of days allowed before a password must be changed. Two new parameters, 1 global and 1 user, will store the relevant information for passwords to expire.
Summary of Password Expiration Process
1. New global parameter is entered (via i2b2 Admin module).
2. Password expiration feature is turned on.
3. Passwords for ALL users are now expired.
4. User attempts to sign into i2b2 Web Client; prompted to change password.
5. User enters a new password & successfully signs into the i2b2 Web Client.
6. Using the value in the global parameter, the system calculates the next expiration date for the user and adds the user parameter with that date to the correct table.
NEW PARAMETERS
Two new parameters were created as part of the Mandatory password change feature. Both parameters are called PM_EXPIRED_PASSWORD however one is set within PM_GLOBAL_PARAMS and the other within PM_USER_PARAMS. Each parameter has a different function in the password expiration process and is further defined below.
GLOBAL Parameter
What it does:
• Turns the feature on.
• Defines the password change interval.
• Passwords will never expire if this parameter is not added as a global parameter.
Table: PM_GLOBAL_PARAMS
Parameter Name = PM_EXPIRED_PASSWORD
Parameter Value = [number of days the passwords will expire (change interval)]
Parameter Data Type = Text
USER Parameter
What it does:
• Date user’s password will expire
• Parameter is added automatically 1st time password is changed after it expires.
• Passwords will never expire without this setup as a global parameter in the PM_GLOBAL_PARAMS table.
Table: PM_USER_PARAMS
Parameter Name = PM_EXPIRED_PASSWORD
Parameter Value = [date password will expire]
Parameter Data Type = Text
Attachments
Issue Links
- is blocked by
-
CORE-288 Enforce complex passwords
- Resolved