Missing PCI-DSS 8.2.6 requiring users to change their password upon first use
Bug #1645487 reported by
Ron De Rose
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Ron De Rose |
Bug Description
PCI-DSS 8.2.6 requires that users immediately change their password upon first use [1]. However, this requirement was missed in the PCI-DSS spec and implementation [2]. PCI-DSS 8.2.6 needs to be implemented in order for Keystone to be PCI compliant.
[1] https:/
[2] https:/
Changed in keystone: | |
assignee: | nobody → Ron De Rose (ronald-de-rose) |
importance: | Undecided → Medium |
milestone: | none → ocata-2 |
Changed in keystone: | |
status: | New → In Progress |
Changed in keystone: | |
milestone: | ocata-2 → ocata-3 |
Changed in keystone: | |
assignee: | Ron De Rose (ronald-de-rose) → Steve Martinelli (stevemar) |
Changed in keystone: | |
assignee: | Steve Martinelli (stevemar) → Ron De Rose (ronald-de-rose) |
Changed in keystone: | |
milestone: | ocata-3 → ocata-rc1 |
To post a comment you must log in.
Patch: https:/ /review. openstack. org/#/c/ 403916/