ignore_password_expiry is not honored
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
ignore_
keystone.conf:
[cache]
# Global toggle for caching. (boolean value)
enabled = false
[security_
# Configuring password expiration
password_
(demo) samueldmq@
Qua Mai 3 21:41:29 UTC 2017
(demo) samueldmq@
+------
| Field | Value |
+------
| expires | 2017-05-
| id | gAAAAABZCk6NvFE
| project_id | 2a642e78f42f43c
| user_id | 8cff3292355d457
+------
(demo) samueldmq@
+------
| Field | Value |
+------
| domain_id | default |
| enabled | True |
| id | 8cff3292355d457
| name | admin |
| options | {'ignore_
| password_expires_at | 2017-05-
+------
(demo) samueldmq@
Qua Mai 3 21:41:44 UTC 2017
[[ Manually updated system date +1d ]]
(demo) samueldmq@
Qui Mai 4 21:41:55 UTC 2017
(demo) samueldmq@
The password is expired and needs to be changed for user: 8cff3292355d457
Environment:
- Ubuntu 14.04 LTS
- Using virtualenv-15.0.1 with Python 3.5
- keystone master version
- python-
Thanks for the bug report, Sam. Are you able to recreate this using stable/ocata and stable/newton? I think this work went into stable/ocata so it might not be applicable to stable/newton.
Looks like we have test coverage for this case [0]. We should dig into that to figure out why it didn't catch this.
[0] https:/ /github. com/openstack/ keystone/ blob/6b2deb6414 b9440e14e9a0b7b 4b253ee95dbf984 /keystone/ tests/unit/ identity/ test_backend_ sql.py# L682-L707