IdStory Identity Manager

Requirements: https://wiki.czechidm.com/priv/navrh/selektivni_minimalni_platnost_hesla

In the current version of CzechIdM when the "minimum number of days for password validity" (condition) in password policy is set, password of the user can be changed only once in given number of days. No exceptions.

1. if the user changes his/her own password, the condition is mandatory
2. if the user changes password to some other user (e. g. as an admin, help desk operator, manager...), the condition is never checked. Also during the next password change of this user the condition is not checked too
3. if the password change comes from the password filter it always equals to the #1 case - the condition is mandatory
4. if the password has set "must change" flag to true, the condition is never checked

This new behavior should be implicit - admin will not be able to enable the original behavior.

The condition is often used to prevent users from multiple password changes in a row to end up with the same password again. However when the user needs new password to be set by admin and change of the password is requred the condition prevents the user from doing it.