[openstack-dev] [nova][security] Enable user password complexity verification

Brant Knudson blk at acm.org
Fri Jun 5 14:01:57 UTC 2015

On Wed, Jun 3, 2015 at 6:49 AM, David Stanek <dstanek at dstanek.com> wrote:

> On Wed, Jun 3, 2015 at 6:04 AM liusheng <liusheng1175 at 126.com> wrote:
>>  Thanks for this topic, also, I think it is similar situation when
>> talking about keystone users, not only the instances's password.
> In the past we've talked about having more advanced password management
> features in Keystone (complexity checks, rotation, etc). The end result is
> that we are not adding them because we would like to get away from managing
> users in Keystone that way. Instead we are pushing for users to integrate
> Keystone with more fully featured identity products.

We typically reject it for our SQL backend implementation since there are
other ways to configure the Keystone that support the functionality
already. You can configure keystone to use an LDAP backend or you can use
federation. So there's no reason for us to re-implement and support all
this functionality.

That said, if there was a python library that did password complexity
validation that nova was using and it only required a couple of lines of
code in keystone to support it I wouldn't be against it.

- Brant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150605/be673413/attachment.html>

More information about the OpenStack-dev mailing list