[Openstack-security] [Bug 1461431] Re: Enable admin password complexity verification
Zhenyu Zheng
zhengzhenyu at huawei.com
Thu Jun 4 00:08:52 UTC 2015
@Markus Zoeller:
Yes, This one is about check user provided password and bug 1461433 is
about adding a stronger symbol group for auto generated passwords. Thank
you
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1461431
Title:
Enable admin password complexity verification
Status in OpenStack Compute (Nova):
New
Status in OpenStack Security Advisories:
Incomplete
Bug description:
When performing actions such as create instances, evacuate instances,
rebuild instances, rescue instances and update instances' admin
password. The complexity of user provided admin password has not been
verified. This can cause security problems.
One solution will be adding a configuration option:
using_complex_admin_password = True, if this option is set in
configure file by administrator, then Nova will perform password
complexity checks, the check standards can be set to following the IT
industry general standard, if the provided admin password is not
complex enough, an exception will be throw. If this option is not set
in configure file, then the complexity check will be skipped.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1461431/+subscriptions
More information about the Openstack-security
mailing list