We've intentionally avoided implementing first class identity provider features in the past because it's a slippery slope to re-implementing things like AD. I certainly don't want to support an AD clone. -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1461822 Title: Lack of password complexity verification in Keystone Status in OpenStack Identity (Keystone): Triaged Bug description: Currently, we can specified an arbitrary string as password when creating a user (or updating user's password) by keystone. In normally use cases, the user's password shouldn't be weak, because it may cause potential security issues. Keystone should add a mechanism to perform password complexity verification, and to fit different scenarios, this mechanism can be enabled or disabled by config option. The checking rules should follow the industry general standard. There is a similar situation about instance's password in Nova, see bug[1] and mail thread[2]. [1] https://bugs.launchpad.net/nova/+bug/1461431 [2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/065600.html To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1461822/+subscriptions