yahoo-eng-team team mailing list archive

[Bug 1645487] [NEW] Missing PCI-DSS 8.2.6 requiring users to change their password upon first use

 

Public bug reported:

PCI-DSS 8.2.6 requires that users immediately change their password upon
first use [1]. However, this requirement was missed in the PCI-DSS spec
and implementation [2]. PCI-DSS 8.2.6 needs to be implemented in order
for Keystone to be PCI compliant.

[1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf
[2] https://github.com/openstack/keystone-specs/blob/master/specs/keystone/newton/pci-dss.rst

** Affects: keystone
     Importance: Medium
     Assignee: Ron De Rose (ronald-de-rose)
         Status: In Progress

** Changed in: keystone
     Assignee: (unassigned) => Ron De Rose (ronald-de-rose)

** Changed in: keystone
   Importance: Undecided => Medium

** Changed in: keystone
    Milestone: None => ocata-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1645487

Title:
  Missing PCI-DSS 8.2.6 requiring users to change their password upon
  first use

Status in OpenStack Identity (keystone):
  In Progress

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1645487/+subscriptions

