[openstack-dev] [openstack][keystone] Is the user password too simple?

Brant Knudson blk at acm.org
Mon Dec 30 19:15:33 UTC 2013


On Mon, Dec 30, 2013 at 12:55 AM, li-zheming <li-zheming at 163.com> wrote:

> Hi all:
>       When creating a user, you can set the user's password. You can set the
> password as a simple word, 'a'. The
> password is too simple, but it is not limited. If someone wants to steal your
> password, it is very easy (such as by exhaustion).
> I consider that it must be limited when setting a password, like this:
>       1. include upper and lower letters
>       2. include numbers
>       3. include particular symbols, such as '_', '&'
>       4. the length > 8
> The administrator can set the password rule.
>
> I want to provide a BP about this issue. Can you give me some advice or
> ideas?
> thanks!
>
> lizheming
>
>
I'd prefer it if we didn't reinvent this wheel ourselves. If customers need
to enforce password strength, expiration, history, user lockout, etc., then
they should store users in an LDAP directory that supports these things and
configure Keystone to use that.

- Brant
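
The four rules proposed in the quoted message, with the administrator-settable policy it asks for, sketched in Python as an added example (not part of the thread and not Keystone code; `PasswordPolicy` and `violations` are hypothetical names, and the sample passwords are constructed):

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Administrator-settable rules (hypothetical, not Keystone options)."""
    min_length: int = 9            # the message asks for length > 8
    require_upper: bool = True     # rule 1, upper-case half
    require_lower: bool = True     # rule 1, lower-case half
    require_digit: bool = True     # rule 2
    require_symbol: bool = True    # rule 3, e.g. '_' or '&'


def violations(password: str,
               policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return the names of the rules the password breaks.

    An empty list means the password satisfies the policy. Reporting every
    failed rule at once lets a caller tell the user what to fix in one pass.
    """
    failed = []
    if len(password) < policy.min_length:
        failed.append("length")
    if policy.require_upper and not any(c.isupper() for c in password):
        failed.append("upper")
    if policy.require_lower and not any(c.islower() for c in password):
        failed.append("lower")
    if policy.require_digit and not any(c.isdigit() for c in password):
        failed.append("digit")
    # A symbol is anything that is neither alphanumeric nor whitespace.
    if policy.require_symbol and not any(
            not c.isalnum() and not c.isspace() for c in password):
        failed.append("symbol")
    return failed


if __name__ == "__main__":
    # Constructed sample passwords, including the 'a' case from the message.
    for candidate in ("a", "Abcdef1_", "Str0ng_pass&"):
        print(repr(candidate), violations(candidate) or "accepted")
```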