35 lines
1.7 KiB
Plaintext
35 lines
1.7 KiB
Plaintext
# The password rules captures the [security_compliance]
|
|
# section of the generic Keystone configuration (keystone.conf)
|
|
# This configuration is used to statically define the password
|
|
# rules for password validation in pre-Keystone environments
|
|
#
|
|
# N.B: Only set non-default keys here (default commented configuration
|
|
# items not needed)
|
|
|
|
[security_compliance]
|
|
|
|
#
|
|
# From keystone
|
|
#
|
|
|
|
# This controls the number of previous user password iterations to keep in
|
|
# history, in order to enforce that newly created passwords are unique. Setting
|
|
# the value to one (the default) disables this feature. Thus, to enable this
|
|
# feature, values must be greater than 1. This feature depends on the `sql`
|
|
# backend for the `[identity] driver`. (integer value)
|
|
# Minimum value: 1
|
|
unique_last_password_count = 2
|
|
|
|
# The regular expression used to validate password strength requirements. By
|
|
# default, the regular expression will match any password. The following is an
|
|
# example of a pattern which requires at least 1 letter, 1 digit, and have a
|
|
# minimum length of 7 characters: ^(?=.*\d)(?=.*[a-zA-Z]).{7,}$ This feature
|
|
# depends on the `sql` backend for the `[identity] driver`. (string value)
|
|
password_regex = ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{7,}$
|
|
|
|
# Describe your password regular expression here in language for humans. If a
|
|
# password fails to match the regular expression, the contents of this
|
|
# configuration variable will be returned to users to explain why their
|
|
# requested password was insufficient. (string value)
|
|
password_regex_description = Password must have a minimum length of 7 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
|