starlingx/docs
Code Issues Proposed changes
Files
e2ca37acad5cbbdfd264d350b5052d238f1afe11
docs/doc/source/security/openstack/security-system-account-password-rules.rst
Elisamara Aoki Goncalves f85f77229a Password rules enhancement 
Story: 2011084
Task: 50154

Change-Id: I34a70e6f2a68cb6617a16931f04edc92ccff0a93
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
2024-06-12 17:06:59 +00:00

68 lines
2.0 KiB
ReStructuredText
Raw Blame History

.. tfb1485354135500
.. _security-system-account-password-rules:
===============================
Keystone Account Password Rules
===============================
|prod-os| enforces a set of strength requirements for new or changed passwords.
By default, the following rules apply:
.. _security-system-account-password-rules-ul-jwb-g15-zw:
- The password must be at least 12 characters long.
- You cannot reuse the last 5 passwords in history.
- The password must contain:
- at least one lower-case character
- at least one upper-case character
- at least one numeric character
- at least one special character
The Keystone service can be configured to use customized password rules. For
more information, see the keystone documentation: `Configuring password
strength requirements
<https://docs.openstack.org/keystone/2023.1/admin/configuration.html#configuring-password-strength-requirements>`__.
The steps below can be used as a reference to update the Keystone service via
``helm-override`` to customize the password rules and their description.
#. Create the yaml override file with the following contents:
.. code-block:: none
conf:
keystone:
security_compliance:
password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
unique_last_password_count = 5
#. Update the Keystone helm overrides.
.. parsed-literal::
system helm-override-update |prefix|-openstack keystone openstack --reuse-values --values keystone-password-override.yaml
#. Apply the new overrides.
.. parsed-literal::
system application-apply |prefix|-openstack
#. Wait for apply to complete.
.. code-block:: none
watch system application-list
View Git Blame Copy Permalink