OpenStack Identity (keystone)

PCI-DSS Query Password Expired Users

Registered by Gage Hugo

Currently, when using the `keystone.conf [security_compliance] password_expires_days` value, when a user's password expires and then must be reset by an administrator, there is no way to query a list of users who are in this state of password expiration. This blueprint proposes to add either an endpoint or query to find a list of users who's password has expired.

Blueprint information

Status:
Complete
Approver:
Steve Martinelli
Priority:
Medium
Drafter:
Gage Hugo
Direction:
Approved
Assignee:
Samuel Pilla
Definition:
Approved
Series goal:
Accepted for ocata
Implementation:
Implemented
Milestone target:
milestone icon ocata-3
Started by
Steve Martinelli
Completed by
Steve Martinelli

Related branches

Sprints

Whiteboard

Spec: https://review.openstack.org/#/c/383832/

Gerrit topic: https://review.openstack.org/#q,topic:bp/pci-dss-query-password-expired-users,n,z

Addressed by: https://review.openstack.org/403898
    Add password expiration queries for PCI-DSS

Addressed by: https://review.openstack.org/405574
    API Documentation for user password expires

Addressed by: https://review.openstack.org/409923
    Revert "API Documentation for user password expires"

Addressed by: https://review.openstack.org/409936
    API Documentation for user password expires

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.