The existing password change login interceptor should be refactored into a standard feature that can be enabled via the UI. In addition, different password aging policies must be implemented:
- Implement UI to enable / disable the password login interceptor
- Add option to set aging policies based on user role
When enabled, the system checks the timestamp of the password during login against the aging policies of each role the user has. The lowest aging policy among those roles will match.
Normally there is only a distinction between administrative users and normal users; however, what exactly an administrative user is (e.g. whether an author belongs to that group) is subject to discussion. Therefore, we just implement it for every role.
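The login-time check described above, written out as an added example (not code from the project). The role names, the day values, and the handling of a missing password timestamp are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical role names and maximum password ages in days (assumed values).
# A role that is absent from this mapping has no aging policy.
ROLE_MAX_AGE_DAYS = {"administrator": 30, "author": 90, "user": 365}


def effective_max_age(roles, policies=ROLE_MAX_AGE_DAYS):
    """Return the lowest maximum age among the user's roles.

    Returns None when none of the roles has a policy configured.
    """
    ages = [policies[role] for role in roles if role in policies]
    return timedelta(days=min(ages)) if ages else None


def must_change_password(roles, password_changed_at, now,
                         enabled=True, policies=ROLE_MAX_AGE_DAYS):
    """Decide at login whether the interceptor should force a password change."""
    if not enabled:
        return False  # interceptor switched off in the UI
    max_age = effective_max_age(roles, policies)
    if max_age is None:
        return False  # no role of this user carries an aging policy
    if password_changed_at is None:
        return True   # no timestamp recorded: treated as expired (assumption)
    return now - password_changed_at > max_age


if __name__ == "__main__":
    # Constructed sample data: one login time, three users.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    changed = now - timedelta(days=100)
    for roles in (["user"], ["user", "author"], ["user", "administrator"]):
        print(roles, must_change_password(roles, changed, now))
```

A user holding both `user` and `author` is measured against the 90-day policy, so adding a role can only shorten the allowed password age, never extend it.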
Note: in OO 13 the roles implementation will change. In this case, the aging policy will be applied to the roles regardless of the organisation structure; there will be only one policy, not one per organisation structure.
FX internal reporting: CL-870