Marking this as Wishlist for now but I agree with David's response [0]. [0] http://lists.openstack.org/pipermail/openstack-dev/2015-June/065622.html ** Changed in: keystone Importance: Undecided => Wishlist -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1461822 Title: Lack of password complexity verification in Keystone Status in OpenStack Identity (Keystone): New Bug description: Currently, we can specified an arbitrary string as password when creating a user (or updating user's password) by keystone. In normally use cases, the user's password shouldn't be weak, because it may cause potential security issues. Keystone should add a mechanism to perform password complexity verification, and to fit different scenarios, this mechanism can be enabled or disabled by config option. The checking rules should follow the industry general standard. There is a similar situation about instance's password in Nova, see bug[1] and mail thread[2]. [1] https://bugs.launchpad.net/nova/+bug/1461431 [2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/065600.html To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1461822/+subscriptions