[openstack-dev] [openstack][keystone] Is the user password too simple?

Jeremy Stanley fungi at yuggoth.org
Mon Dec 30 15:27:12 UTC 2013


On 2013-12-30 23:15:06 +0800 (+0800), Thomas Goirand wrote:
> On 12/30/2013 02:55 PM, li-zheming wrote:
> [...]
> > I consider that it must be limited when setting the password, like this:
> >       1. include upper and lower letters
> >       2. include nums
> >       3. include particular symbol, such as '_', '&'
> >       4. the length>8
> > administrator can set the password rule.
[...]
> If you just force me to add upper+lower case and add symbols, then
> you are just annoying me even with my very good passwords.
[...]

I think cracklib (or similar) integration as an optional rule, along
with those listed above, would be great... I'd even say docs should
recommend doing it "the right way" with an entropy checker rule
rather than those other arbitrary checks. However, support for them
is still useful because some operators very well may be hamstrung by
cargo-cult "best practices" requirements like that baked into their
corporate security policies (so they'll need to be able to support
such schemes no matter how backward it might seem).
-- 
Jeremy Stanley
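
The contrast drawn in this thread between the four composition rules and an entropy-style check, as an added Python example (not part of the original message, and not Keystone or cracklib code). The function names, the constructed wordlist, `WORD_BITS` and the 50-bit threshold are assumptions; the estimator is a simplified stand-in for a dictionary-backed checker.

```python
import math
import re
import string

# Constructed sample wordlist; a real checker such as cracklib ships a large dictionary.
COMMON_WORDS = ["admin", "keystone", "openstack", "password", "qwerty", "welcome"]
LEET = str.maketrans("0134578@$!", "oieastbasi")  # undo common substitutions
WORD_BITS = 14.0  # assumed cost of guessing one dictionary word (~16k-word list)

def composition_ok(pw):
    """The four rules proposed in the thread: upper+lower, digit, symbol, length > 8."""
    return (len(pw) > 8
            and any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def estimated_bits(pw):
    """Rough guessing cost: each dictionary word counts WORD_BITS, every other
    character counts log2(size of the character pool it is drawn from)."""
    # Fold ASCII only, so positions in `folded` line up with positions in `pw`.
    folded = "".join(c.lower() if c.isascii() else c for c in pw).translate(LEET)
    covered = [False] * len(pw)
    bits = 0.0
    for word in COMMON_WORDS:
        for m in re.finditer(re.escape(word), folded):
            if not any(covered[m.start():m.end()]):
                covered[m.start():m.end()] = [True] * len(word)
                bits += WORD_BITS
    rest = [c for c, hit in zip(pw, covered) if not hit]
    pool = (26 * any(c.islower() for c in rest) + 26 * any(c.isupper() for c in rest)
            + 10 * any(c.isdigit() for c in rest) + 33 * any(not c.isalnum() for c in rest))
    # Floor of 10 covers characters outside the four classes counted above.
    return bits + (len(rest) * math.log2(max(pool, 10)) if rest else 0.0)

def check(pw, rules=("entropy",), min_bits=50):
    """Operator-selectable rules; returns the names of the rules that failed."""
    failed = []
    if "composition" in rules and not composition_ok(pw):
        failed.append("composition")
    if "entropy" in rules and estimated_bits(pw) < min_bits:
        failed.append("entropy")
    return failed

if __name__ == "__main__":
    for sample in ("Passw0rd_1", "tqzmwhvkyorbxdlu"):  # constructed sample passwords
        print(sample, composition_ok(sample), round(estimated_bits(sample), 1),
              check(sample, rules=("composition", "entropy")))
```
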


