OpenStack Identity (keystone)

security compliance lockout_failure_attempts does not work properly in yoga keystone

Bug #1996457 reported by Tayebeh Amiri on 2022-11-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	New	Undecided	Unassigned

Bug Description

I've installed keystone using this https://docs.openstack.org/keystone/yoga/install/keystone-install-ubuntu.html and I've configured security compliance with lockout_failure_attempts=3. after that I've tried to get the token with the wrong password for more than 3 times. unforunately, the user was not locked. how to know what the problem is?

-----------------------------------
Release: 21.0.1.dev9 on 2019-09-18 18:54:05
SHA: e27f80a0a6a62bf4d0e42f5920d7ca0ebd984717
Source: https://opendev.org/openstack/keystone/src/doc/source/install/keystone-install-ubuntu.rst
URL: https://docs.openstack.org/keystone/yoga/install/keystone-install-ubuntu.html

Tags:

Revision history for this message

Jeremy Stanley (fungi) wrote on 2022-11-14:

After discussing this report with one of the Keystone core reviewers, I'm fairly confident this bug report is a help request and not disclosing an actual security vulnerability, so I've switched it to public now.

information type:

Private Security → Public

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.