[Openstack-security] [Bug 1461431] Re: Enable admin password complexity verification
Tony Breeds
tony at bakeyournoodle.com
Wed Jul 1 01:42:31 UTC 2015
** Changed in: nova
Importance: Undecided => Wishlist
** Changed in: nova
Status: New => Incomplete
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1461431
Title:
Enable admin password complexity verification
Status in OpenStack Compute (Nova):
Incomplete
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
When performing actions such as create instances, evacuate instances,
rebuild instances, rescue instances and update instances' admin
password. The complexity of user provided admin password has not been
verified. This can cause security problems.
One solution will be adding a configuration option:
using_complex_admin_password = True, if this option is set in
configure file by administrator, then Nova will perform password
complexity checks, the check standards can be set to following the IT
industry general standard, if the provided admin password is not
complex enough, an exception will be throw. If this option is not set
in configure file, then the complexity check will be skipped.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1461431/+subscriptions
More information about the Openstack-security
mailing list