On Fri, Nov 1, 2024 at 6:31 AM radmal <rad...@gmail.com> wrote:

> Hi,
>
> Yes, that's it. This means that no 2FA option works with the password
> expiry feature.
>
>
Correct, at least, not with the Duo module. In the Jira issue, Mike
suggested a work-around when using the TOTP module (waiting for the next
TOTP code), but I doubt that will work with the Duo module.


> I see that this issue has been known for a little over two years now.  Is
> it on any TODO list to be resolved in the near future?
>
>
There's no time-frame for fixing this issue. A couple of notes:
* It's _possible_ that it will be fixed by one of the other issues that's
going into the 1.6.0 release (SAML + TOTP), but not 100% certain about that.
* Mike also mentioned in the Jira issue considering the possibility of
_not_ requiring password rotations. There are mixed - and usually strong -
opinions about this, and I realize that often there is a requirement passed
down by higher levels of management/security, so it may not be feasible.

-Nick
