starlingx/upstream
Code Issues Proposed changes

Enforce "cannot reuse the last 2 passwords" for ks users

Browse Source 
Currently the "unique_last_password_count" attribute in keystone
configuration is set to "2", which enforces "cannot reuse the last
1 passwords" in history instead of "cannot reuse the last 2 passwords"
stated in security document.

This update changed "unique_last_password_count" attribute to "3" so
that keystone users password change rule complies with the document.

Closes-Bug: 1924772
Change-Id: I6a2de54336c7253022d49ecb118a315a7825c889
Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
Andy Ning 2021-04-26 16:22:26 -04:00
parent 341eb6980c
commit a4046414b6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openstack/python-keystone/centos/files/password-rules.conf
View File

@ -18,7 +18,7 @@
# feature, values must be greater than 1. This feature depends on the `sql`
# backend for the `[identity] driver`. (integer value)
# Minimum value: 1
unique_last_password_count = 2
unique_last_password_count = 3
# The regular expression used to validate password strength requirements. By
# default, the regular expression will match any password. The following is an