yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #63772
[Bug 1688123] [NEW] ignore_password_expiry is not honored
Public bug reported:
ignore_password_expiry is set for admin user and is not working
properly. With it set to true, the user should not be affected if their
password has expired.
keystone.conf:
[cache]
# Global toggle for caching. (boolean value)
enabled = false
[security_compliance]
# Configuring password expiration
password_expires_days = 1
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:29 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2017-05-03T21:41:53+0000 |
| id | gAAAAABZCk6NvFEKGZuUxYrij80hLxFU3mw0s0qYR8N6ekNZ6vok-Cnto1pDZSSoJ7JJOwDRGUCzNjYCCyHmqx-kllUpcNFDpPU-eC72Ni5PEqlV9ZVFvVjkmnXLp6b2uplacYafyEFbFeHJAfEdOY8hQDgDCqO3zbaOx-FGs4XWDLbVMv5bz8c |
| project_id | 2a642e78f42f43ce8458974e7c6aded4 |
| user_id | 8cff3292355d4571a7cb7c5165c4cc73 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ openstack user show 8cff3292355d4571a7cb7c5165c4cc73
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| domain_id | default |
| enabled | True |
| id | 8cff3292355d4571a7cb7c5165c4cc73 |
| name | admin |
| options | {'ignore_lockout_failure_attempts': True, 'ignore_password_expiry': True, 'ignore_change_password_upon_first_use': True} |
| password_expires_at | 2017-05-04T21:04:24.000000 |
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:44 UTC 2017
[[ Manually updated system date +1d ]]
(demo) samueldmq@workstation:~/workspace$ date -u
Qui Mai 4 21:41:55 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
The password is expired and needs to be changed for user: 8cff3292355d4571a7cb7c5165c4cc73. (HTTP 401) (Request-ID: req-278ccb52-582e-426d-a58d-5ba3a297eeaf)
Environment:
- Ubuntu 14.04 LTS
- Using virtualenv-15.0.1 with Python 3.5
- keystone master version
- python-openstackclient master version
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1688123
Title:
ignore_password_expiry is not honored
Status in OpenStack Identity (keystone):
New
Bug description:
ignore_password_expiry is set for admin user and is not working
properly. With it set to true, the user should not be affected if
their password has expired.
keystone.conf:
[cache]
# Global toggle for caching. (boolean value)
enabled = false
[security_compliance]
# Configuring password expiration
password_expires_days = 1
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:29 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2017-05-03T21:41:53+0000 |
| id | gAAAAABZCk6NvFEKGZuUxYrij80hLxFU3mw0s0qYR8N6ekNZ6vok-Cnto1pDZSSoJ7JJOwDRGUCzNjYCCyHmqx-kllUpcNFDpPU-eC72Ni5PEqlV9ZVFvVjkmnXLp6b2uplacYafyEFbFeHJAfEdOY8hQDgDCqO3zbaOx-FGs4XWDLbVMv5bz8c |
| project_id | 2a642e78f42f43ce8458974e7c6aded4 |
| user_id | 8cff3292355d4571a7cb7c5165c4cc73 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ openstack user show 8cff3292355d4571a7cb7c5165c4cc73
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| domain_id | default |
| enabled | True |
| id | 8cff3292355d4571a7cb7c5165c4cc73 |
| name | admin |
| options | {'ignore_lockout_failure_attempts': True, 'ignore_password_expiry': True, 'ignore_change_password_upon_first_use': True} |
| password_expires_at | 2017-05-04T21:04:24.000000 |
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:44 UTC 2017
[[ Manually updated system date +1d ]]
(demo) samueldmq@workstation:~/workspace$ date -u
Qui Mai 4 21:41:55 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
The password is expired and needs to be changed for user: 8cff3292355d4571a7cb7c5165c4cc73. (HTTP 401) (Request-ID: req-278ccb52-582e-426d-a58d-5ba3a297eeaf)
Environment:
- Ubuntu 14.04 LTS
- Using virtualenv-15.0.1 with Python 3.5
- keystone master version
- python-openstackclient master version
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1688123/+subscriptions
Follow ups
