[Openstack-security] [Bug 1461431] Re: Enable admin password complexity verification
Markus Zoeller
mzoeller at de.ibm.com
Wed Jun 3 15:42:40 UTC 2015
@Zhenyu Zheng:
Just to double-check, this is not a duplicate to bug 1461433, right?
** Tags added: documentation security
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1461431
Title:
Enable admin password complexity verification
Status in OpenStack Compute (Nova):
New
Status in OpenStack Security Advisories:
Incomplete
Bug description:
When performing actions such as create instances, evacuate instances,
rebuild instances, rescue instances and update instances' admin
password. The complexity of user provided admin password has not been
verified. This can cause security problems.
One solution will be adding a configuration option:
using_complex_admin_password = True, if this option is set in
configure file by administrator, then Nova will perform password
complexity checks, the check standards can be set to following the IT
industry general standard, if the provided admin password is not
complex enough, an exception will be throw. If this option is not set
in configure file, then the complexity check will be skipped.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1461431/+subscriptions
More information about the Openstack-security
mailing list