Require/enforce strong admin/users passwords in built-in Identity Service
Currently, the default Keystone Identity Service configuration (authentication using username and password, SQL database) allows users and admins to choose any password for a user account (e.g. 1, 123, abc).
Although organizations that want to enforce stronger password policies could consider using Keystone Identity Service Extensions or external authentication services, the built-in/default configuration should include minimum enforcement/
The goal of this blueprint is then for Keystone default Identity Service/
Initially, a set of common rules could be established, such as the ones defined here:
https:/
and implemented, e.g., using the respective regular expressions.
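A sketch of the regex-per-rule approach the blueprint proposes, added here as an illustration; it is not Keystone code. The rule set, the user-name check and the function names are assumptions, since the rules the blueprint links to are not reproduced on this page.

```python
import re

# Assumed rule set (constructed for illustration; the rules the blueprint
# links to are not available on this page). Each rule is one regex that a
# compliant password must match, paired with a message for the user.
PASSWORD_RULES = [
    (re.compile(r".{8,}", re.DOTALL), "at least 8 characters"),
    (re.compile(r"[a-z]"), "at least one lowercase letter"),
    (re.compile(r"[A-Z]"), "at least one uppercase letter"),
    (re.compile(r"[0-9]"), "at least one digit"),
    (re.compile(r"[^A-Za-z0-9]"), "at least one non-alphanumeric character"),
]


def password_violations(password, username=None):
    """Return the descriptions of all unmet rules (empty list = accepted)."""
    failed = [desc for rx, desc in PASSWORD_RULES if not rx.search(password)]
    # "Must not contain this user's name" depends on per-user data, so it
    # is checked separately from the static regex rules.
    if username and username.lower() in password.lower():
        failed.append("must not contain the user name")
    return failed


def validate_password(password, username=None):
    """Raise ValueError listing every unmet rule, so the caller can report
    all problems at once instead of one per attempt."""
    failed = password_violations(password, username)
    if failed:
        raise ValueError("password rejected: " + "; ".join(failed))


if __name__ == "__main__":
    # The weak examples named in the blueprint, plus one constructed
    # password that satisfies every assumed rule.
    for candidate in ("1", "123", "abc", "Tr0ub4dor&3x"):
        result = password_violations(candidate, username="admin")
        print(repr(candidate), "->", result or "accepted")
```

Keeping each rule as its own pattern lets the service tell the user exactly which requirement failed, which a single combined expression cannot do.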
Blueprint information
- Status: Complete
- Approver: None
- Priority: Not
- Drafter: Cristian Fiorentino
- Direction: Needs approval
- Assignee: Cristian Fiorentino
- Definition: Obsolete
- Series goal: None
- Implementation: Not started
- Milestone target: None
- Started by:
- Completed by: Morgan Fainberg
Whiteboard
The outcome of this summit session was that we need to focus on isolating keystone's IdP featureset before pursuing featureset evolution:
https:/
(morganfainberg): This likely is part of the large conversation of splitting the IDP out of keystone and/or focus on relying on external (read: better/full featured) IDPs.