<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is concept of the a [Password Policy] to limit the length of time that a [user] can continue to use the same [password]. 

!! Should organization's mandate [Password Periodic Changes]? 
__Mandated [Regular Password Changes|Password Periodic Changes]__ are a long-standing security practice which has been questioned as if it is effective by the following: 
* [NIST.SP.800-63B]
* [Microsoft]
* [Bruce Schneier] 
* [The National Cyber Security Centre|National Cyber Security Centre] ([NCSC]) 
all recommend that passwords [SHOULD NOT] be arbitrarily expired after some [interval|Password Expiration].


!! [LDAP]
[{$pagename}] is a [LDAP] concept of the a server or [DSA] that can be used to limit the length of time that a user can continue to use the same [password]. 



!!! [LDAP]
Some [LDAP Server Implementations] implement the [Password Modify Extended Operation] [supportedExtension]. This can allow as the [password expiration time] draws near, the user may receive warning messages in the form of [supportedControl] in the [bind Response].  

Typically, Once the [password] has expired, and there are no [Grace Logins] left, the entry will no longer be allowed to perform [Authentication].

Once the user's password has expired, it may be necessary for an administrator to perform a [Password Reset] before the account may be used.  Alternately, if the password policy is configured appropriately, the user may also be able to perform a [Password Change] for their own expired password using the [Password Modify Extended Operation] or by using a [Password Management Application].

!! [AD Determining Password Expiration]
[AD Determining Password Expiration] explains how the [{$pagename}] works in [Microsoft Active Directory]

!! [draft-behera-ldap-password-policy]
Several [LDAP Server Implementations] follow the [draft-behera-ldap-password-policy] as a [Password Management Methodologies].

!! [eDirectory Password Expiration]
[eDirectory Password Expiration] explains how [eDirectory] determines [{$pagename}].
!! [Edirectory Administrative Password Changes]
[Edirectory Administrative Password Changes] are applied to to a user's password, the password is normally expired. (ie [Password Reset])

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>