keystone/releasenotes/notes/bp-pci-dss-notifications-80...

23 lines
1.2 KiB
YAML

---
features:
- >
[`blueprint pci-dss-notifications <https://blueprints.launchpad.net/keystone/+spec/pci-dss-notifications>`_]
CADF notifications now extend to PCI-DSS events. A ``reason`` object
is added to the notification. A ``reason`` object has both a ``reasonType``
(a short description of the reason) and ``reasonCode`` (the HTTP return code).
The following events will be impacted:
* If a user does not change their passwords at least once every X days.
See ``[security_compliance] password_expires_days``.
* If a user is locked out after many failed authentication attempts.
See ``[security_compliance] lockout_failure_attempts``.
* If a user submits a new password that was recently used. See
``[security_compliance] unique_last_password_count``.
* If a password does not meet the specified criteria. See
``[security_compliance] password_regex``.
* If a user attempts to change their password too often. See
``[security_compliance] minimum_password_age``.
For additional details see:
`event notifications <See https://docs.openstack.org/developer/keystone/event_notifications.html>`_