> Use your own user table where name and password are stored encrypted and
> checked after login from your app.
> If your customers have a password policy then they might have further
> requirements like:
>
> - user can't change password
> - user has to change password
> - password validity / expiration date
> - password history (no reuse of already used passwords after a change)
> - and so on

Hi Lucas,

yes the customers have the requirements you described and I'm able to
fulfill the requirements without storing the current password of a user
in my database. I don't like the idea of storing the current password in
my database, but I fear it's the only possibility I have.

Regards

Guido