yahoo-eng-team team mailing list archive

[bryan <2049559@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

We enabled [security_compliance] in our environment to follow Security
compliance and PCI-DSS requirements, and here is our configuration:

[security_compliance]
lockout_failure_attempts = 3
lockout_duration = 60

My account will be get locked after 3 failure logins, then I tried to
re-login, I got 401 which is Unauthorized instead of AccountLocked as
what we expected.

{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Unauthorized"
    }
}

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2049559

Title:
  Keysont implements "AccountLocked" but returns "Unauthorized"

Status in OpenStack Identity (keystone):
  New

Bug description:
  We enabled [security_compliance] in our environment to follow Security
  compliance and PCI-DSS requirements, and here is our configuration:

  [security_compliance]
  lockout_failure_attempts = 3
  lockout_duration = 60

  My account will be get locked after 3 failure logins, then I tried to
  re-login, I got 401 which is Unauthorized instead of AccountLocked as
  what we expected.

  {
      "error": {
          "code": 401,
          "message": "The request you have made requires authentication.",
          "title": "Unauthorized"
      }
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2049559/+subscriptions