[Openstack-security] [Bug 1461822] Re: Lack of password complexity verification in Keystone
Liusheng
liusheng at huawei.com
Fri Jun 5 02:45:39 UTC 2015
Hi Lance Bragstad, thanks for confirming this. Can I submit a spec
about adding a mechanism for password complexity? It will propose an
optional password managing process and will wait for other reviewers'
opinions.
** Changed in: keystone
Assignee: (unassigned) => Liusheng (liusheng)
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1461822
Title:
Lack of password complexity verification in Keystone
Status in OpenStack Identity (Keystone):
Triaged
Bug description:
Currently, we can specify an arbitrary string as the password when
creating a user (or updating a user's password) by keystone. In normal
use cases, the user's password shouldn't be weak, because it may cause
potential security issues.
Keystone should add a mechanism to perform password complexity
verification, and to fit different scenarios, this mechanism can be
enabled or disabled by a config option. The checking rules should follow
the general industry standard.
There is a similar situation about instance's password in Nova, see
bug[1] and mail thread[2].
[1] https://bugs.launchpad.net/nova/+bug/1461431
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/065600.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1461822/+subscriptions
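
The mechanism the bug description asks for (a complexity check that a config option switches on or off, applied when a user is created or a password is updated), sketched as an added example that is not part of the original message and not Keystone's code. The `[password_policy]` section, its option names and the three rules are assumptions chosen for illustration; the report does not name a specific standard.

```python
import configparser
import string

# Constructed sample configuration; section and option names are hypothetical.
SAMPLE_CONF = """
[password_policy]
enabled = true
min_length = 12
min_char_classes = 3
"""
SECTION = "password_policy"

CHAR_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def load_policy(text):
    """Parse the policy; a missing section or option leaves the check disabled."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return {
        "enabled": parser.getboolean(SECTION, "enabled", fallback=False),
        "min_length": parser.getint(SECTION, "min_length", fallback=12),
        "min_char_classes": parser.getint(SECTION, "min_char_classes", fallback=3),
    }


def check_password(policy, username, password):
    """Return the list of violated rules; an empty list means accepted."""
    if not policy["enabled"]:
        return []  # Check disabled: any string is accepted, as described in the bug.
    problems = []
    if len(password) < policy["min_length"]:
        problems.append("too short")
    present = [name for name, chars in CHAR_CLASSES.items() if chars & set(password)]
    if len(present) < policy["min_char_classes"]:
        problems.append("too few character classes")
    # Reject passwords that embed the account name (case-insensitive).
    if username and username.lower() in password.lower():
        problems.append("contains user name")
    return problems
```

Returning the violated rules rather than a bare boolean lets the create-user and update-password paths report to the caller why a password was rejected.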