Bug 41794


6.7.1, 6.7, 6.6.5, 6.6.4,,, 6.6.3, 6.6.2, 6.6.1, 6.6, 6.5.8,, 6.5.7, 6.5.6, 6.5.5, 6.5.4, 6.5.2, 6.5.1, 6.5, 6.3.1, 6.3, 6.2.x, 6.2, 6.1.6, 6.1.5, 6.1.x, 6.0.x,, 5.1.5, earlier versions


Turning on stale account aging may disable accounts

The lastLoginTime of an account is only updated if the repository has stale
account aging or password aging enabled.  The update of the lastLoginTime
on login requires a commit, which is not always desireable.

As a result, if a stale account age limit is set in a repository that did
not previously have either check, the lastLoginTime of accounts that log
in frequently may be still set to a date well in the past, which results
in the account being disabled immediately.


Decisions to enable or disabled account and password aging should be done
with forethought, in any case.

If you are setting the stale account age limit on a repository that has
been in use, then you should send lastLoginTime: to each UserProfile, to
initialize the lastLoginTime correctly. The method lastLoginTime: was added
in version 6.6

To turn on account aging safely on versions prior to 6.6, an initial period
with the stale account age limit set to a large value, or with password
age check enabled but not account age limits, will allow accounts time
to login in with updates to the lastLoginTime.

Last updated: 4/9/12