How does the Inactivity Limit as defined in the System-Wide Security

Question

Theo Stolker · Dec 18, 2024

#Security #System Administration #InterSystems IRIS

Hi,

In a customer project we started enforcing the "Inactivity Limit" as defined in System-Wide Security Parameters. The customer would expect accounts to become Disabled after they have been inactive for the specified amount of days. However, that doesn't happen; it seems the Inactivity Limit is only established after logging in.

Furthermore, the account inactivity only starts being applied after the first login. Can you confirm that?

Lastly, for accounts that have been manually Disabled, and have an expired password, we see the following weird behavior:

User logs in
Needs to change his/her password
But after that is blocked from accessing the system through a weird "Gateway Error"

Is there anyone that knows intimately how the login process works? If so, can youu help clarify the above?

Thanks,

Theo

How does the Inactivity Limit as defined in the System-Wide Security Parameters work and other questions about the login process