Elisamara Aoki Goncalves f85f77229a Password rules enhancement

Story: 2011084
Task: 50154

Change-Id: I34a70e6f2a68cb6617a16931f04edc92ccff0a93
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>

2024-06-12 17:06:59 +00:00

2.0 KiB

Raw Blame History

Keystone Account Password Rules

enforces a set of strength requirements for new or changed passwords.

By default, the following rules apply:

The password must be at least 12 characters long.
You cannot reuse the last 5 passwords in history.
The password must contain:
- at least one lower-case character
- at least one upper-case character
- at least one numeric character
- at least one special character

The Keystone service can be configured to use customized password rules. For more information, see the keystone documentation: Configuring password strength requirements.

The steps below can be used as a reference to update the Keystone service via helm-override to customize the password rules and their description.

Create the yaml override file with the following contents:

conf:
    keystone:
        security_compliance:
            password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
            password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
            unique_last_password_count = 5

Update the Keystone helm overrides.

system helm-override-update -openstack keystone openstack --reuse-values --values keystone-password-override.yaml
Apply the new overrides.

system application-apply -openstack
Wait for apply to complete.
```
watch system application-list
```

2.0 KiB Raw Blame History

Keystone Account Password Rules

2.0 KiB

Raw Blame History