Cody Fendant has asked for the wisdom of the Perl Monks concerning the following question:

I've got a legacy Catalyst application and currently passwords never expire.

I'm supposed to add a password timeout, after which a new password is required. How would this be handled?

I've looked at the Catalyst app's config and read a fair bit of the documentation for Catalyst::Plugin::Authentication and can't see where to start.

Users of this application say it used to require a new password every n days but that's the only clue I have.


Re: Where is password expiry enforced in Catalyst, using Catalyst::Plugin::Authentication?
by Corion (Patriarch) on Apr 29, 2021 at 07:51 UTC

    Judging from Catalyst::Manual::Tutorial::05_Authentication, you should be able to program your own Catalyst::Plugin::Authentication subclass that overrides the ->authenticate method. But my (cursory) search of metacpan did not find any existing implementations.

    If you are able to authenticate against LDAP, implementing the password reset rule in LDAP would enforce that without anything on your side and would also give the users single sign-on. But it requires an existing LDAP infrastructure :)

      If you can manage it, LDAP authentication is definitely the way to go.
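Worked example added here by the editor, not posted by Corion or anyone else in the thread. Catalyst::Plugin::Authentication itself has no notion of password age: it only checks the credential against the store. One place to enforce an expiry rule without touching the plugin is the Root controller's `auto` action, which runs before every request and can redirect an already-authenticated user whose password is too old to a change-password page. Everything application-specific below is an assumption: a DBIx::Class user store with a `password_changed_at` column holding epoch seconds, a `/password/change` action that updates that column, a `/logout` action, Catalyst::Plugin::Session for `$c->flash`, and a `password_max_age_days` config key.

```perl
package MyApp::Controller::Root;
use strict;
use warnings;
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

__PACKAGE__->config(namespace => '');

# Hypothetical default: maximum password age in days, overridable from
# the application config (password_max_age_days).
my $DEFAULT_MAX_AGE_DAYS = 90;

# Pure policy check, independent of Catalyst so it can be unit-tested:
# is a password last changed at $changed_at (epoch seconds) older than
# $max_age_days as of $now?  An undefined $changed_at means the column
# was never populated (a legacy account) and is treated as expired, so
# existing users are forced through one change when the rule goes live.
sub password_expired {
    my ($changed_at, $max_age_days, $now) = @_;
    $now //= time;
    return 1 unless defined $changed_at;
    return ( $now - $changed_at ) > $max_age_days * 86_400 ? 1 : 0;
}

# Runs before every action in the application.  Authentication is still
# done by Catalyst::Plugin::Authentication in the login action; this
# only decides whether an authenticated user may proceed to what they
# asked for.
sub auto : Private {
    my ($self, $c) = @_;

    # Anonymous requests (login page, static files) are not our concern.
    return 1 unless $c->user_exists;

    # The change-password and logout actions must stay reachable,
    # otherwise an expired user could never escape the redirect.
    my $path = $c->req->path;    # no leading slash
    return 1 if $path =~ m{^(?:password/change|logout)(?:/|$)};

    my $max_age = $c->config->{password_max_age_days} // $DEFAULT_MAX_AGE_DAYS;

    # Assumed column name; if the schema inflates it to a DateTime
    # object, use ->epoch on it instead of the raw value.
    my $changed_at = $c->user->get('password_changed_at');

    if ( password_expired( $changed_at, $max_age ) ) {
        $c->log->info( 'Password expired for user id ' . $c->user->id );
        $c->flash->{error} =
            'Your password has expired; please choose a new one.';
        $c->res->redirect( $c->uri_for('/password/change') );
        $c->detach;
    }
    return 1;
}

__PACKAGE__->meta->make_immutable;
1;
```

The change-password action is where `password_changed_at` gets set to `time` after a successful update; the `auto` check then passes again on the next request. Putting the rule in `auto` rather than in a credential subclass keeps "wrong password" and "correct but stale password" distinct: the login still succeeds and is logged as such, and the user is steered to the one action that fixes the problem. The same `password_expired` function can also be called from a login-time hook if you prefer to block there instead.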
Re: Where is password expiry enforced in Catalyst, using Catalyst::Plugin::Authentication?
by hippo (Archbishop) on Apr 29, 2021 at 08:06 UTC
    I'm supposed to add a password timeout, after which a new password is required.

    As a security feature, this practice has been thoroughly refuted. You can do it if you like, just don't be lulled into thinking that it will improve security.


    🦛