Locking accounts after X days without logging in

g.paradis · March 21, 2018, 7:08pm

During an internal security review of Pydio, we were asked if Pydio can lock accounts that have not been used for a specific number of days.

We are using Pydio 8.0.2 Community Edition.

Any ideas on how to do that?

I’m guessing that if we can track the account last login date (and create date, in case an account was created but never used), a cron job could check each account and lock them if “current_date > (last_login_date + max_inactivity_days)”.

Please advise.

romoloman · March 22, 2018, 6:38am

In the ajxp_log table you have events like create_user and log in with their time stamp
in the ajxp_users table there is a field named password
It’s really tricky to disable an user using a scheduled cron job

g.paradis · April 3, 2018, 6:48pm

Thanks @romoloman !

I’ll take a look at this over the next few days. I’ll post back with my findings.

Topic		Replies	Views
Lock/deactivate users after inactivity to rotate allowed accounts Pydio Cells	1	41	March 26, 2024
Force password change on guest users after 3 months Pydio 8	4	675	May 16, 2023
Crontab without pass Pydio 8	3	418	May 16, 2023
Pydio app causes account lock after a password change Mobile Applications	2	524	December 6, 2019
[solved] Can the inactive timeout be changed? Pydio 8 session	3	1759	January 16, 2018

Locking accounts after X days without logging in

Related Topics