Do not enforce minimum password life restrictions
I have a use case where I am launching Grafana using Kickstart, the issue is that the accounts created by Kickstart are made with a default password, I have also set passwordChangeRequired = true for each user.
For the Tenant (also modified within Kickstart), I have specified a minimum password lifetime of 1 day. The issue arises when I launch Kickstart and try to log into an account immediately, this triggers the required password change as intended, but the minimum password lifetime causes a rejection of the change, as the password was set only moments ago, during the Kickstart phase.
Effectively, I am unable to use a FusionAuth user account until 1 day after the Kickstart has completed. Is there any solution to this issue, such as not enforcing the password minimum lifetime if the user was forced to change their password?
dan last edited by
I don't think there's any settings inside FusionAuth that will fix this issue. I would probably change how I set up the tenant and apply the minimum password lifetime setting 1 day after I kickstarted. (So, write a script using one of the client libraries which modified the tenant to apply that password complexity rule and execute it one day after the system was booted up.)
But further, I'm curious how you are using kickstart that would require you to have both these settings (forcing the change of password and also requiring the minimum age)? Are you setting up a dev environment? Your prod environment? Something else?