Why do you need to change the password that often, or if you are, why is the command line not an option?

In some deployment scenarios, users will not have access to the command line and they will have no way of setting this at the moment.

Can you walk me through a deployment scenario where changing the password from the web UI is necessary, but changing the username, host, port, etc., are not? I can't come up with a case where this makes sense.

It's a case where we have already set the smtp host and port to a specific server and user should provide the username and pass afterwards. And user does not necessarily have access to the underlying machine to be able to ssh and change configs there.

The username is also locked, and can not be edited from the web UI.

We lock these options to prevent an attacker who compromises an administrative account from escalating access by reconfiguring mail so it is delivered through an account they control, then sending password reset email, then reading recovery tokens from the SMTP server. This is an important part of the security design of Phabricator, so we are not likely to unlock these options in the upstream.

From a technical point of view, you can subclass PhabricatorConfigSiteSource to inject configuration below the database level. This is what we do in the Phacility cluster, and it would allow you to let users configure settings from an external control panel you provide for users. However, this is complicated and not something we're generally ready to formally support.

Alternatively, you could deploy a forked version of Phabricator which unlocks these options.

Since we don't want to unlock these options in the upstream and don't have an upstream use case for a "password" field, this isn't something we'd be interested in bringing upstream.

Fair enough. Thanks.