Merge "Enforce new password rules to keystone accounts"
This commit is contained in:
commit
000011c85e
@ -0,0 +1,53 @@
|
||||
From 9ab6fb0efd1c9a35d5d6e44226cce6fd7f5189a7 Mon Sep 17 00:00:00 2001
|
||||
From: Karla Felix <karla.karolinenogueirafelix@windriver.com>
|
||||
Date: Thu, 4 Apr 2024 13:17:13 -0300
|
||||
Subject: [PATCH] Enforce new password rules to keystone accounts
|
||||
|
||||
This review will be enforcing new password rules to Keystone accounts,
|
||||
the new rules are:
|
||||
- Minimum 12 characters
|
||||
- At least 1 Uppercase letter
|
||||
- At least 1 number
|
||||
- At least 1 special character
|
||||
- Cannot reuse past 5 passwords
|
||||
|
||||
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
|
||||
---
|
||||
debian/stx/password-rules.conf | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/debian/stx/password-rules.conf b/debian/stx/password-rules.conf
|
||||
index ac18ef9..2e1a7ff 100644
|
||||
--- a/debian/stx/password-rules.conf
|
||||
+++ b/debian/stx/password-rules.conf
|
||||
@@ -18,20 +18,23 @@
|
||||
# feature, values must be greater than 1. This feature depends on the `sql`
|
||||
# backend for the `[identity] driver`. (integer value)
|
||||
# Minimum value: 1
|
||||
-unique_last_password_count = 3
|
||||
+unique_last_password_count = 5
|
||||
|
||||
# The regular expression used to validate password strength requirements. By
|
||||
# default, the regular expression will match any password. The following is an
|
||||
# example of a pattern which requires at least 1 letter, 1 digit, and have a
|
||||
-# minimum length of 7 characters: ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$ This feature
|
||||
+# minimum length of 12 characters: ^(?=.*\d)(?=.*[a-zA-Z]).{12,}$ This feature
|
||||
# depends on the `sql` backend for the `[identity] driver`. (string value)
|
||||
-password_regex = ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{7,}$
|
||||
+password_regex = ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
|
||||
|
||||
# Describe your password regular expression here in language for humans. If a
|
||||
# password fails to match the regular expression, the contents of this
|
||||
# configuration variable will be returned to users to explain why their
|
||||
# requested password was insufficient. (string value)
|
||||
-password_regex_description = Password must have a minimum length of 7 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
|
||||
+password_regex_description = Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
|
||||
+
|
||||
+# Specifies the number of days after which passwords expire and must be changed.
|
||||
+password_expires_days = 90
|
||||
|
||||
# The number of seconds a user account will be locked when the maximum number
|
||||
# of failed authentication attempts (as specified by `[security_compliance]
|
||||
--
|
||||
2.34.1
|
||||
|
@ -1,2 +1,3 @@
|
||||
0001-Add-stx-support.patch
|
||||
0002-Add-login-fail-lockout-security-compliance-options.patch
|
||||
0003-Enforce-new-password-rules-to-keystone-accounts.patch
|
Loading…
Reference in New Issue
Block a user