yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1461822] Re: Lack of password complexity verification in Keystone

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: David Stanek <dstanek@xxxxxxxxxxx>
Date: Thu, 27 Aug 2015 16:38:07 -0000
Reply-to: Bug 1461822 <1461822@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Marking as WONTFIX because we are actively trying not to build a full
IdP solution into Keystone.

** Changed in: keystone
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461822

Title:
  Lack of password complexity verification in Keystone

Status in Keystone:
  Won't Fix

Bug description:
  Currently, we can specified an arbitrary string as password when
  creating a user (or updating user's password) by keystone. In normally
  use cases, the user's password shouldn't be weak, because it may cause
  potential security issues.

  Keystone should add a mechanism to perform password complexity
  verification, and to fit different scenarios, this mechanism can be
  enabled or disabled by config option. The checking rules should follow
  the industry general standard.

  There is a similar situation about instance's password in Nova, see
  bug[1] and mail thread[2].

  [1] https://bugs.launchpad.net/nova/+bug/1461431
  [2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/065600.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1461822/+subscriptions

References

[Bug 1461822] [NEW] Lack of password complexity verification in Keystone
From: Liusheng, 2015-06-04