Beginning with version 4.41.83 you can enter the date when a password expires. If you enter this datum users in you installation will be able to filter those passwords that have expired or that will expire soon (in 15 days or less - configurable). You can also have the system send an email notification to the password manager and project manager for those passwords that have expired or that will expire soon.
Entering the expiry date
You can enter this expiry date at the password edit screen:
If the password has expired or expires today an Expired label will be shown next to the expiry date in the password screen and in lists where the password appears:
If the password expires in 15 days or less, a Will expire soon label will be shown instead. Note that this expiry period warning can be changed or disabled.
Filtering expired or soon to expire passwords
If a password has expired or will expire soon, any user that has access to the password will be able to filter it with special filters in lists.
Here you have these filters in the normal passwords list:
And here you have them in the passwords lists inside a project:Note that these filters are only shown if there are passwords that have expired or will expire soon.
Changing or disabling the password expiration warning/reminder
Team Password Manager will show a Will expire soon label for those passwords that will expire in 15 days or less. It will also allow you to filter those passwords as we've just seen.
If you want to change this period or just disable the soon to expire warning you can do it in Settings | Expiration. This option can only be set by users with role "Admin" or "IT".
To set it go to Settings, then Expiration and then click on the "Edit expiration configuration" button, which will show you the "Edit password expiration configuration" screen:
You can enter the days of the reminder or 0 to disable it.
Team Password Manager has a special function to send email notifications to password managers and project managers for those passwords that have expired or that will expire soon. This function is called
genexp and can be executed by opening the following page:
You can see the correct URL for
genexp for your installation if you go to Settings | Expiration.
You can open
genexp with your browser to test, but it should really be called by a scheduler that executes it at least once a day.
If your Team Password Manager installation is on a *nix server you can setup a daily cron job to execute curl to open this address. To do so, edit the crontab configuration file with
sudo crontab -e and enter the following line:
0 6 * * * curl YOUR_TEAM_PASSWORD_MANAGER_URL/index.php/genexp
This will setup
genexp to be executed at 6:00 AM every day. Change YOUR_TEAM_PASSWORD_MANAGER_URL to the one for your installation and 6 to whatever hour you like.
genexp can sometimes send many mails at once. To avoid being banned by your ISP/mail server you can control email throttling by specifying the number of seconds between each message using the SECONDS_BETWEEN_EMAILS parameter in config.php. Read about it here: SECONDS_BETWEEN_EMAILS.
What does genexp do?
genexp will send emails to the password managers and project managers of passwords that have expired or that will expire soon. Only one email message is sent to each user, grouping all the expired/soon to expire passwords. Here you have an example of such message:
genexp will log its execution with 2 actions:
- Generate expiration notifications: with the number of expired and soon to expired notifications generated.
- Send notifications by email: with the number of emails sent.
These actions are logged even if no notifications are generated or emails are sent, so you can use them to verify if
genexp is being executed correctly.
Note that if you disable expiration warnings/reminders (see how to do it in the previous step), notifications for those passwords that will expire soon will not be sent.
How expiry date affects import/export and the API
The import and export procedures have been updated to support the expiry date field. The API (version 2) also has been updated to support this datum. API v1 as no support for the expiry date field.
Here you have the corresponding documents: