yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #63771
[Bug 1688119] [NEW] change_password_after_first_use is not honored
Public bug reported:
With change_password_after_first_use set to true, new users or users
whom password got administratively updated should get their
password_expires_at set to the current time, and password_expires_days
should not be honored.
keystone.conf:
[security_compliance]
# Configuring password expiration
password_expires_days = 1
# Force users to immediately change their password upon first use
change_password_after_first_use = true
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:24:34 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack user create demo --password demo123 --domain default
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 0d56a461493a43a1aa34b604970800c1 |
| name | demo |
| options | {} |
| password_expires_at | 2017-05-04T21:24:40.000000 |
+---------------------+----------------------------------+
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:27:47 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack user set demo --password 123demo
(demo) samueldmq@workstation:~/workspace$ openstack user show demo
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 0d56a461493a43a1aa34b604970800c1 |
| name | demo |
| options | {} |
| password_expires_at | 2017-05-04T21:27:53.000000 |
+---------------------+----------------------------------+
Environment:
- Ubuntu 14.04 LTS
- Using virtualenv-15.0.1 with Python 3.5
- keystone master version
- python-openstackclient master version
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1688119
Title:
change_password_after_first_use is not honored
Status in OpenStack Identity (keystone):
New
Bug description:
With change_password_after_first_use set to true, new users or users
whom password got administratively updated should get their
password_expires_at set to the current time, and password_expires_days
should not be honored.
keystone.conf:
[security_compliance]
# Configuring password expiration
password_expires_days = 1
# Force users to immediately change their password upon first use
change_password_after_first_use = true
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:24:34 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack user create demo --password demo123 --domain default
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 0d56a461493a43a1aa34b604970800c1 |
| name | demo |
| options | {} |
| password_expires_at | 2017-05-04T21:24:40.000000 |
+---------------------+----------------------------------+
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:27:47 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack user set demo --password 123demo
(demo) samueldmq@workstation:~/workspace$ openstack user show demo
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 0d56a461493a43a1aa34b604970800c1 |
| name | demo |
| options | {} |
| password_expires_at | 2017-05-04T21:27:53.000000 |
+---------------------+----------------------------------+
Environment:
- Ubuntu 14.04 LTS
- Using virtualenv-15.0.1 with Python 3.5
- keystone master version
- python-openstackclient master version
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1688119/+subscriptions
Follow ups
