Merge "Enable keystone brute-force protection by default"

2018-12-19 07:24:47 +00:00 · 2018-12-19 07:24:47 +00:00 · 2fcfd668ad
commit 2fcfd668ad
parent 95a6a2e875 df336272f0
1 changed files with 4 additions and 0 deletions
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -439,6 +439,10 @@ conf:
      backend: dogpile.cache.memcached
    oslo_messaging_notifications:
      driver: messagingv2
+    security_compliance:
+      # NOTE(vdrok): The following two options have effect only for SQL backend
+      lockout_failure_attempts: 5
+      lockout_duration: 1800
  # NOTE(lamt) We can leverage multiple domains with different
  # configurations as outlined in
  # https://docs.openstack.org/keystone/pike/admin/identity-domain-specific-config.html.