keystone/releasenotes/notes/bug-1659995-f3e716de743b729...

26 lines
1.0 KiB
YAML

---
fixes:
- |
[`bug 1659995 <https://bugs.launchpad.net/keystone/+bug/1659995>`_]
New options have been made available via the user create and update API
(``POST/PATCH /v3/users``) call, the options will allow an admin to
mark users as exempt from certain PCI requirements via an API.
Set the following user attributes to ``True`` or ``False`` in an API request.
To mark a user as exempt from the PCI password lockout policy::
user['options']['ignore_lockout_failure_attempts']
To mark a user as exempt from the PCI password expiry policy::
user['options']['ignore_password_expiry']
To mark a user as exempt from the PCI reset policy::
user['options']['ignore_change_password_upon_first_use']
deprecations:
- |
[`bug 1659995 <https://bugs.launchpad.net/keystone/+bug/1659995>`_]
The config option ``[security_compliance] password_expires_ignore_user_ids``
has been deprecated in favor of using the option value set, available via
the user create and update API call