docs/doc/source/security/openstack/security-system-account-password-rules.rst
Elisamara Aoki Goncalves a3a3a902f8 Content moved to Keystone Account Password Rules (r6)
Moved content of Update Keystone Service to existing section.

Ref review: https://review.opendev.org/c/starlingx/docs/+/837023

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: Ifc192f0e20a32c76ee28ef7f936efb4ccf3d816e
2022-04-14 15:25:54 -03:00


Keystone Account Password Rules

enforces a set of strength requirements for new or changed passwords.

By default, the following rules apply:

  • The password must be at least seven characters long.
  • You cannot reuse the last 2 passwords in history.
  • The password must contain:
    • at least one lower-case character
    • at least one upper-case character
    • at least one numeric character
    • at least one special character

The Keystone service can be configured to use customized password rules. For more information, see the Keystone documentation: Configuring password strength requirements.

The steps below can be used as a reference to update the Keystone service via helm-override to customize the password rules and their description.

  1. Create the YAML override file (keystone-password-override.yaml in the command in step 2) with the following contents:

    conf:
        keystone:
            security_compliance:
                password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
                password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
                unique_last_password_count: 5

  2. Update the Keystone helm overrides.

    system helm-override-update -openstack keystone openstack --reuse-values --values keystone-password-override.yaml

  3. Apply the new overrides.

    system application-apply -openstack

  4. Wait for apply to complete.

    watch system application-list
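
Before applying the override, it helps to confirm that the regex accepts and rejects what its description promises. The following is an added example, not part of the original document or of Keystone: it assumes the pattern is applied with Python `re.match` semantics, the names `check`, `RULES` and `SAMPLES` are this example's own, and the sample passwords are constructed.

```python
import re

# Special-character class from the override file; note it has no '/', quotes or space.
SPECIAL = r"[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]"

# Same pattern as password_regex in the override, assembled from its parts.
PASSWORD_REGEX = r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*" + SPECIAL + r").{12,}$"

# Each lookahead as a separate rule, so a rejection can be explained.
# Rule names are this example's own, not Keystone settings.
RULES = {
    "digit": r"\d",
    "lower": r"[a-z]",
    "upper": r"[A-Z]",
    "special": SPECIAL,
    "length>=12": r"^.{12,}$",
}


def check(password):
    """Return (accepted, failed_rules) for one candidate password."""
    # Assumption: the service applies the pattern with re.match semantics.
    accepted = re.match(PASSWORD_REGEX, password) is not None
    failed = [name for name, pat in RULES.items() if not re.search(pat, password)]
    return accepted, failed


# Constructed sample passwords, one per rule worth checking before rollout.
SAMPLES = [
    "CorrectHorse1!Battery",   # satisfies every rule
    "CorrectHorse1/Battery",   # '/' is not in the special class
    "correcthorse1!battery",   # no upper-case character
    "Sh0rt!Aa",                # passes the old 7-character default, not 12
]

if __name__ == "__main__":
    re.compile(PASSWORD_REGEX)  # fails loudly on a malformed pattern
    for pw in SAMPLES:
        accepted, failed = check(pw)
        print(f"{pw!r:26} accepted={accepted} failed={failed}")
```

A password whose only non-alphanumeric character is outside the class (for example `/`) is rejected, which the description string "1 special character" does not tell the user.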