Display Password Restriction / Strength Settings whenever the user can change their password (all modules).
Password Challenge Answer is no longer Case Sensitive.
NOTE: This will not work with existing Challenge Answers. The normalization is to Lower Case so that there will be minimal impact, but user's will need to reset their answers for this to function 100%.
Password Challenge now uses canned questions. You specify the canned questions in the config file. The first one presented is randomized.
Auto logout after a successfull password change.
Logging of events, general and security related. The Logfiles get placed in the default TOMCAT_HOME directory (or whichever is the default for your app server). There is a Logfile per module, each with the modulesname.log. Security related events log the true client's IP address, if you have iChain configured to forward the http header x-forwarded-for to the servlets.
Never display the full DN of a user object - only the CN.
