openstack/keystone
Code Issues Proposed changes
717b0243d9
keystone/releasenotes/notes/bp-pci-dss-notifications-808a205a637bac25.yaml
Eric Brown 30d9095d28 Use https for docs.openstack.org references 
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.

Change-Id: I30a462e03d1fd7852511e22cac34c6bc0e8917f4
2017-01-30 16:05:08 -08:00

23 lines
1.2 KiB
YAML
Raw Blame History

---
features:
- >
[`blueprint pci-dss-notifications <https://blueprints.launchpad.net/keystone/+spec/pci-dss-notifications>`_]
CADF notifications now extend to PCI-DSS events. A ``reason`` object
is added to the notification. A ``reason`` object has both a ``reasonType``
(a short description of the reason) and ``reasonCode`` (the HTTP return code).
The following events will be impacted:
* If a user does not change their passwords at least once every X days.
See ``[security_compliance] password_expires_days``.
* If a user is locked out after many failed authentication attempts.
See ``[security_compliance] lockout_failure_attempts``.
* If a user submits a new password that was recently used. See
``[security_compliance] unique_last_password_count``.
* If a password does not meet the specified criteria. See
``[security_compliance] password_regex``.
* If a user attempts to change their password too often. See
``[security_compliance] minimum_password_age``.
For additional details see:
`event notifications <See https://docs.openstack.org/developer/keystone/event_notifications.html>`_
View Git Blame Copy Permalink