On Wed, Jun 3, 2015 at 6:49 AM, David Stanek <[email protected]> wrote:
> > On Wed, Jun 3, 2015 at 6:04 AM liusheng <[email protected]> wrote: > >> Thanks for this topic, also, I think it is similar situation when >> talking about keystone users, not only the instances's password. >> >> > In the past we've talked about having more advanced password management > features in Keystone (complexity checks, rotation, etc). The end result is > that we are not adding them because we would like to get away from managing > users in Keystone that way. Instead we are pushing for users to integrate > Keystone with more fully featured identity products. > > We typically reject it for our SQL backend implementation since there are other ways to configure the Keystone that support the functionality already. You can configure keystone to use an LDAP backend or you can use federation. So there's no reason for us to re-implement and support all this functionality. That said, if there was a python library that did password complexity validation that nova was using and it only required a couple of lines of code in keystone to support it I wouldn't be against it. - Brant
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
