yahoo-eng-team team mailing list archive

[OpenStack Infra <1787874@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/593476
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=34609d557e68020c6a054282c4d206aaa26a0d67
Submitter: Zuul
Branch:    master

commit 34609d557e68020c6a054282c4d206aaa26a0d67
Author: wangxiyuan <wangxiyuan@xxxxxxxxxx>
Date:   Mon Aug 20 11:02:52 2018 +0800

    Change unique_last_password_count default to 0
    
    Changing the default value of unique_last_password_count from
    1 to 0, so that it can handle a case(when set to 1) that the
    password history check only check one previous password.
    
    Change-Id: Id368c99ca4926c995ea47959a6c3a438fffe1823
    Closes-Bug: #1787874


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1787874

Title:
  There is no way to only check once for user password history

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  The config option "unique_last_password_count" can limit users
  password history. But the value is 2 at least. (1 means no limit). It
  means that the user need to change password at least twice. The case
  "pw1 -> pw2 -> pw1" is not covered.

  We should make "unique_last_password_count"'s minimum to 0. Set to 1
  means users can't change password like pw1 -> pw1, but can do "pw1 ->
  pw2 -> pw1".

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1787874/+subscriptions