716f0feb2f
It provides an easy to exploit DoS opportunity.

Change-Id: I3839e9930511ff2d3a6b69bef5ae898d92a21ff1
13 lines
505 B
YAML
---
security:
  - |
    When using Keystone, no longer locks users out of their accounts on 3
    unsuccessful attempts to log in. This creates a very trivially exploitable
    denial-of-service issue. Use ``keystone_lockout_security_attempts``
    to re-enable (not recommended).
features:
  - |
    If ``keystone_lockout_security_attempts`` is enabled, the amount of time
    the account stays locked is now regulated by the new parameter
    ``keystone_lockout_duration`` (defaulting to 1800 seconds).