26 lines
1.0 KiB
YAML
26 lines
1.0 KiB
YAML
---
|
|
fixes:
|
|
- |
|
|
[`bug 1659995 <https://bugs.launchpad.net/keystone/+bug/1659995>`_]
|
|
New options have been made available via the user create and update API
|
|
(``POST/PATCH /v3/users``) call, the options will allow an admin to
|
|
mark users as exempt from certain PCI requirements via an API.
|
|
|
|
Set the following user attributes to ``True`` or ``False`` in an API request.
|
|
To mark a user as exempt from the PCI password lockout policy::
|
|
|
|
user['options']['ignore_lockout_failure_attempts']
|
|
|
|
To mark a user as exempt from the PCI password expiry policy::
|
|
|
|
user['options']['ignore_password_expiry']
|
|
|
|
To mark a user as exempt from the PCI reset policy::
|
|
|
|
user['options']['ignore_change_password_upon_first_use']
|
|
deprecations:
|
|
- |
|
|
[`bug 1659995 <https://bugs.launchpad.net/keystone/+bug/1659995>`_]
|
|
The config option ``[security_compliance] password_expires_ignore_user_ids``
|
|
has been deprecated in favor of using the option value set, available via
|
|
the user create and update API call |