Greetings,
I'm configuring a new 1.5.9 install. I tried to look for the answer in the LedgerSMB manual but the manual from the website is for v1.3x... So.
Under "Security Settings"
Password Duration: Is this days? minutes? seconds? What is the default?
Suggestion #1: Whatever the duration period is, place it next to the description along with the default value. Like so: Password Duration, in Days (Default=2 days):
Session Lockout: Is this minutes? seconds? What is the default?. Suggestion #2: Whatever the duration period is, place it next to the description along with the default value. Like so: Session Lockout, in Minutes (Default=10 minutes):
Suggestion #3 (for next release):
Enable the Sys Admin to disable the Password Duration altogether. So setting the Password Duration to "0" means that user passwords do not expire.
You could just replace the a "hard" password expiration with just a 180-day nag like this:
Your password is over 180 days old. Please consider replacing the current password with a newer one.
And, include a link/button that says: "Disregard". Which will stop the nag for another 180 days.
Thanks!
Regards, Michael