yahoo-eng-team team mailing list archive

[OpenStack Infra <1688119@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/476235
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=080699d9119d89a9a4465f159740df722eb92fa9
Submitter: Jenkins
Branch:    master

commit 080699d9119d89a9a4465f159740df722eb92fa9
Author: Samuel de Medeiros Queiroz <samueldmq@xxxxxxxxx>
Date:   Wed Jun 21 15:52:22 2017 -0400

    Fix PCI DSS docs on change_password_after_first_use
    
    The option is called change_password_upon_first_use,
    not change_password_after_first_use.
    
    Change-Id: I69423b019ec1acade8eeb41c73625084f847b267
    Closes-Bug: #1688119


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1688119

Title:
  change_password_after_first_use is documented but doesn't exist

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  With change_password_after_first_use set to true, new users or users
  whom password got administratively updated should get their
  password_expires_at set to the current time, and password_expires_days
  should not be honored.

  keystone.conf:

  [security_compliance]
  # Configuring password expiration
  password_expires_days = 1
  # Force users to immediately change their password upon first use
  change_password_after_first_use = true

  (demo) samueldmq@workstation:~/workspace$ date -u
  Qua Mai  3 21:24:34 UTC 2017
  (demo) samueldmq@workstation:~/workspace$ openstack user create demo --password demo123 --domain default
  +---------------------+----------------------------------+
  | Field               | Value                            |
  +---------------------+----------------------------------+
  | domain_id           | default                          |
  | enabled             | True                             |
  | id                  | 0d56a461493a43a1aa34b604970800c1 |
  | name                | demo                             |
  | options             | {}                               |
  | password_expires_at | 2017-05-04T21:24:40.000000       |
  +---------------------+----------------------------------+

  (demo) samueldmq@workstation:~/workspace$ date -u
  Qua Mai  3 21:27:47 UTC 2017
  (demo) samueldmq@workstation:~/workspace$ openstack user set demo --password 123demo
  (demo) samueldmq@workstation:~/workspace$ openstack user show demo
  +---------------------+----------------------------------+
  | Field               | Value                            |
  +---------------------+----------------------------------+
  | domain_id           | default                          |
  | enabled             | True                             |
  | id                  | 0d56a461493a43a1aa34b604970800c1 |
  | name                | demo                             |
  | options             | {}                               |
  | password_expires_at | 2017-05-04T21:27:53.000000       |
  +---------------------+----------------------------------+

  Environment:
  - Ubuntu 14.04 LTS
  - Using virtualenv-15.0.1 with Python 3.5
  - keystone master version
  - python-openstackclient master version

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1688119/+subscriptions