Reviewed: https://review.openstack.org/424220 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=9844fa1e264fe52276d9bd804b26b518ef3aaa24 Submitter: Jenkins Branch: master
commit 9844fa1e264fe52276d9bd804b26b518ef3aaa24 Author: Morgan Fainberg <[email protected]> Date: Mon Jan 23 08:26:34 2017 -0800 Create user option `ignore_lockout_failure_attempts` Rather than an option list in keystone.conf, leverage the per-user options available via REST APIs, to define whether a user is exempt from being disabled upon too many failed password attempts. Closes-Bug: 1659995 Co-Authored-By: "Steve Martinelli <[email protected]>" Change-Id: I6999343314a9e11a82664cd0db6e56047084fa76 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1659995 Title: stop using per-user id settings in security_compliance Status in OpenStack Identity (keystone): Fix Released Bug description: `password_expires_ignore_user_ids` is a list option in [security_compliance], but this is impractical since any update would require a restart of keystone. instead let's use per-resouce "options" available in the identity database. also, `lockout_ignored_user_ids` is another config option we should remove, but no need to deprecate it since it was introduced in ocata (and will be removed in ocata) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1659995/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
