Merge "release notes and config guide new settings"

2016-12-06 01:04:12 +00:00 · 2016-12-06 01:04:12 +00:00 · 934bcffe2c
commit 934bcffe2c
parent 0fc067f481 260a31067d
1 changed files with 33 additions and 0 deletions
--- a/doc/config-reference/source/tables/conf-changes/keystone.rst
+++ b/doc/config-reference/source/tables/conf-changes/keystone.rst
@ -7,6 +7,33 @@ New, updated, and deprecated options in Newton for Identity service
  openstack-doc-tools repository.


+.. list-table:: New options
+   :header-rows: 1
+   :class: config-ref-table
+
+   * - Option = default value
+     - (Type) Help string
+   * - ``[security_compliance] disable_user_account_days_inactive =``
+     - (IntOpt) The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked).
+   * - ``[security_compliance] lockout_failure_attempts =``
+     - (IntOpt) The maximum number of times that a user can fail to authenticate before the user account is locked.
+   * - ``[security_compliance] lockout_duration = 1800``
+     - (IntOpt) The number of seconds a user account will be locked when the maximum number of failed authentication attempts is exceeded.
+   * - ``[security_compliance] password_expires_days = <None>``
+     - (IntOpt) The number of days for which a password will be considered valid before requiring it to be changed.
+   * - ``[security_compliance] password_expires_ignore_user_ids =``
+     - (StrOpt) User IDs to be ignored when checking if a password is expired.
+   * - ``[security_compliance] unique_last_password_count = 1``
+     - (IntOpt) Controls the number of previous user password iterations to keep in history, in order to enforce that newly created passwords are unique.
+   * - ``[security_compliance] minimum_password_age = 0``
+     - (IntOpt）The number of days that a password must be used before the user can change it.
+   * - ``[security_compliance] password_regex = <None>``
+     - (StrOpt) Validate password strength requirements.
+   * - ``[security_compliance] password_regex_description = <None>``
+     - (StrOpt) Humans language to describe password regular expression.
+   * - ``[token] cache_on_issue = false``
+     - (BoolOpt) Enable storing issued token data to token validation cache so that first token validation doesn't actually cause full validation cycle.
+

 .. list-table:: Deprecated options
   :header-rows: 1
@ -16,4 +43,10 @@ New, updated, and deprecated options in Newton for Identity service
     - New Option
   * - ``[DEFAULT] use_syslog``
     - ``None``
+   * - ``[endpoint_policy] enabled``
+     - ``None``
+   * - ``[token] hash_algorithm``
+     - ``None``
+   * - ``[os_inherit]``
+     - ``None``