Bug 1530732
Summary: | Keystone's security_compliance options are not configurable through director | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Juan Antonio Osorio <josorior> |
Component: | puppet-keystone | Assignee: | RHOS Maint <rhos-maint> |
Status: | CLOSED ERRATA | QA Contact: | Prasanth Anbalagan <panbalag> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 13.0 (Queens) | CC: | acanan, alee, dbecker, hrybacki, jjoyce, jschluet, kbasil, mburns, morazi, rhel-osp-director-maint, sclewis, slinaber, tvignaud |
Target Milestone: | beta | Keywords: | Triaged |
Target Release: | 13.0 (Queens) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | puppet-keystone-12.3.1-0.20180320041258.5eb9a3f.el7ost openstack-tripleo-heat-templates-8.0.2-0.20180327213843.f25e2d8.el7ost puppet-tripleo-8.3.2-0.20180327181745.40b702f.el7ost | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-27 13:40:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Juan Antonio Osorio
2018-01-03 16:59:44 UTC
Verified on [stack@undercloud-0 usr]$ yum list installed | grep puppet-keystone puppet-keystone.noarch 12.3.1-0.20180320041258.5eb9a3f.el7ost sudo vi ./share/openstack-tripleo-heat-templates/puppet/services/keystone.yaml .. ... .... KeystoneChangePasswordUponFirstUse: type: string default: '' description: >- Enabling this option requires users to change their password when the user is created, or upon administrative reset. constraints: - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] KeystoneDisableUserAccountDaysInactive: type: string default: '' description: >- The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked). KeystoneLockoutDuration: type: string default: '' description: >- The number of seconds a user account will be locked when the maximum number of failed authentication attempts (as specified by KeystoneLockoutFailureAttempts) is exceeded. KeystoneLockoutFailureAttempts: type: string default: '' description: >- The maximum number of times that a user can fail to authenticate before the user account is locked for the number of seconds specified by KeystoneLockoutDuration. KeystoneMinimumPasswordAge: type: string default: '' description: >- The number of days that a password must be used before the user can change it. This prevents users from changing their passwords immediately in order to wipe out their password history and reuse an old password. .... ... .. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086 |