yahoo-eng-team team mailing list archive

[OpenStack Infra <1659995@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/424220
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=9844fa1e264fe52276d9bd804b26b518ef3aaa24
Submitter: Jenkins
Branch:    master

commit 9844fa1e264fe52276d9bd804b26b518ef3aaa24
Author: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date:   Mon Jan 23 08:26:34 2017 -0800

    Create user option `ignore_lockout_failure_attempts`
    
    Rather than an option list in keystone.conf, leverage the
    per-user options available via REST APIs, to define whether
    a user is exempt from being disabled upon too many failed
    password attempts.
    
    Closes-Bug: 1659995
    
    Co-Authored-By: "Steve Martinelli <s.martinelli@xxxxxxxxx>"
    Change-Id: I6999343314a9e11a82664cd0db6e56047084fa76


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1659995

Title:
  stop using per-user id settings in security_compliance

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  `password_expires_ignore_user_ids` is a list option in
  [security_compliance], but this is impractical since any update would
  require a restart of keystone.

  instead let's use per-resouce "options" available in the identity
  database.

  also, `lockout_ignored_user_ids` is another config option we should
  remove, but no need to deprecate it since it was introduced in ocata
  (and will be removed in ocata)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1659995/+subscriptions