Skip to content
Snippets Groups Projects
Verified Commit 388f7b7e authored by Christian Heusel's avatar Christian Heusel :rocket:
Browse files

tf-stage2: use 1h timeout for keycloak pw resets


Recently somebody complained that the email only reached them after the
password reset link had already become invalid, which is definitely
something that can happen with the previously set 5min timeout. 5
minutes timeout are too short aswell for any complex email analysis
setup or greylisting, and we therefore bump this value to one hour,
which is still short enough from a security perspective but gives our
users a bit more time to act on the reset.

Signed-off-by: default avatarChristian Heusel <christian@heusel.eu>
parent 8df0f2f0
Branches keycloak-password-reset-time
No related tags found
1 merge request!889tf-stage2: use 1h timeout for keycloak pw resets
Pipeline #113520 passed
......@@ -94,6 +94,9 @@ resource "keycloak_realm" "archlinux" {
registration_flow = "Arch Registration"
reset_credentials_flow = "Arch Reset Credentials"
// set one hour validity for password reset mails etc
action_token_generated_by_user_lifespan = "60m0s"
smtp_server {
host = "mail.archlinux.org"
from = "accounts@archlinux.org"
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment