Browse Source

release notes and config guide new settings

OpenStack operators and folks who automate openstack deployments with
tools like puppet rely on the release notes and config guides to
highlight new, changed, deleted, and deprecated config options.

Change-Id: I15abb241af8a41edc3dd3850b08be4ab7a31c9c5
Closes-bug:#1640504
tags/15.0.0
jolie 3 years ago
parent
commit
260a31067d
1 changed files with 33 additions and 0 deletions
  1. +33
    -0
      doc/config-reference/source/tables/conf-changes/keystone.rst

+ 33
- 0
doc/config-reference/source/tables/conf-changes/keystone.rst View File

@@ -7,6 +7,33 @@ New, updated, and deprecated options in Newton for Identity service
openstack-doc-tools repository.


.. list-table:: New options
:header-rows: 1
:class: config-ref-table

* - Option = default value
- (Type) Help string
* - ``[security_compliance] disable_user_account_days_inactive =``
- (IntOpt) The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked).
* - ``[security_compliance] lockout_failure_attempts =``
- (IntOpt) The maximum number of times that a user can fail to authenticate before the user account is locked.
* - ``[security_compliance] lockout_duration = 1800``
- (IntOpt) The number of seconds a user account will be locked when the maximum number of failed authentication attempts is exceeded.
* - ``[security_compliance] password_expires_days = <None>``
- (IntOpt) The number of days for which a password will be considered valid before requiring it to be changed.
* - ``[security_compliance] password_expires_ignore_user_ids =``
- (StrOpt) User IDs to be ignored when checking if a password is expired.
* - ``[security_compliance] unique_last_password_count = 1``
- (IntOpt) Controls the number of previous user password iterations to keep in history, in order to enforce that newly created passwords are unique.
* - ``[security_compliance] minimum_password_age = 0``
- (IntOpt)The number of days that a password must be used before the user can change it.
* - ``[security_compliance] password_regex = <None>``
- (StrOpt) Validate password strength requirements.
* - ``[security_compliance] password_regex_description = <None>``
- (StrOpt) Humans language to describe password regular expression.
* - ``[token] cache_on_issue = false``
- (BoolOpt) Enable storing issued token data to token validation cache so that first token validation doesn't actually cause full validation cycle.


.. list-table:: Deprecated options
:header-rows: 1
@@ -16,4 +43,10 @@ New, updated, and deprecated options in Newton for Identity service
- New Option
* - ``[DEFAULT] use_syslog``
- ``None``
* - ``[endpoint_policy] enabled``
- ``None``
* - ``[token] hash_algorithm``
- ``None``
* - ``[os_inherit]``
- ``None``


Loading…
Cancel
Save