yahoo-eng-team team mailing list archive
Message #74338
[Bug 1787874] [NEW] There is no way to forbid users changing password to itself
Public bug reported:
When users change their password, we hope that they use a new
password instead. But currently, even if users provide the same password
as the current one, the request still succeeds.
There is an option "unique_last_password_count" that can limit users'
passwords. But the value is 2 at least. It means that it can only forbid
users changing passwords like: pw1 -> pw2 -> pw1. But the case pw1 -> pw1
is not covered.
There are two ways to solve the problem IMO:
1. Forbid users changing passwords like pw1 -> pw1 by default in Keystone.
2. Or make the minimum of "unique_last_password_count" 0. Setting it to 1 means users can't change passwords like pw1 -> pw1.
The first option may be better, since in actual use cases, changing pw1
to pw1 is stupid and useless. What's more, the CLI has already forbidden
this action.
** Affects: keystone
Importance: Undecided
Assignee: wangxiyuan (wangxiyuan)
Status: New
** Changed in: keystone
Assignee: (unassigned) => wangxiyuan (wangxiyuan)
** Description changed:
When users changing their password, we hope that they should use a new
password instead. But actually now even users provide the same password
as it is, the request will still be success.
- There is a option "unique_last_password_count" that can limit users
+ There is an option "unique_last_password_count" that can limit users
password. But the value is 2 at least. It means that it can only forbid
users changing password like: pw1 -> pw2 -> pw1. But the case pw1 -> pw1
is not covered.
There are two way to solve the problem IMO:
1. forbid users changing password like pw1 -> pw1 by default in Keystone.
2. Or make "unique_last_password_count"'s minimum to 0. Set to 1 means users can't change password like pw1 -> pw1
The first Option may be better, since in actual use case, changing pw1
to pw1 is stupid and useless. What's more, the ClI has already forbade
this action.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1787874
Title:
There is no way to forbid users changing password to itself
Status in OpenStack Identity (keystone):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1787874/+subscriptions
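The semantics proposed in option 2 of the report, as an added example that is not Keystone's code: a count of 0 disables the check, 1 rejects pw1 -> pw1, and 2 also rejects pw1 -> pw2 -> pw1. `PasswordHistory`, `try_sequence` and the PBKDF2 parameters are assumptions made for illustration; only the option name `unique_last_password_count` comes from the report.

```python
import hashlib
import hmac
import os


class PasswordHistory:
    """Salted-hash password history for one user (hypothetical helper, not Keystone code)."""

    def __init__(self, unique_last_password_count=1, iterations=600_000):
        if unique_last_password_count < 0:
            raise ValueError("count must be >= 0")
        self.count = unique_last_password_count  # 0 disables the check
        self.iterations = iterations
        self._history = []  # (salt, digest) pairs, oldest first; the last one is current

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def is_reused(self, new_password):
        """True if new_password matches any of the last `count` stored passwords."""
        recent = self._history[-self.count:] if self.count else []
        reused = False
        for salt, digest in recent:
            # Every entry has its own salt, so re-derive per entry and
            # compare in constant time; no early exit on a match.
            if hmac.compare_digest(self._digest(new_password, salt), digest):
                reused = True
        return reused

    def change_password(self, new_password):
        """Store new_password, or raise ValueError if it repeats a recent one."""
        if self.is_reused(new_password):
            raise ValueError("new password matches one of the last %d" % self.count)
        salt = os.urandom(16)
        self._history.append((salt, self._digest(new_password, salt)))
        # Always keep the current entry, even with count == 0, so the check
        # works immediately if the count is raised later.
        del self._history[:-max(self.count, 1)]


def try_sequence(count, passwords, iterations=1_000):
    """Apply the changes in order; return the index of the first rejected one, or None.

    The low default iteration count only keeps this demonstration helper fast.
    """
    history = PasswordHistory(count, iterations)
    for i, pw in enumerate(passwords):
        try:
            history.change_password(pw)
        except ValueError:
            return i
    return None
```

Because only salted hashes are stored, the reuse check has to re-derive the candidate against each retained salt, so its cost grows linearly with the configured count.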