2018-08-20 02:31:34 |
wangxiyuan |
description |
When users change their password, we hope that they use a new password instead. But actually now, even if users provide the same password as before, the request will still succeed.
There is an option "unique_last_password_count" that can limit users' passwords. But the value is 2 at least. It means that it can only forbid users changing their password like: pw1 -> pw2 -> pw1. But the case pw1 -> pw1 is not covered.
There are two ways to solve the problem IMO:
1. Forbid users changing their password like pw1 -> pw1 by default in Keystone.
2. Or make the minimum of "unique_last_password_count" 0. Setting it to 1 means users can't change their password like pw1 -> pw1.
The first option may be better, since in actual use cases, changing pw1 to pw1 is stupid and useless. What's more, the CLI has already forbidden this action. |
When users change their password, we hope that they use a new password instead. But actually now, even if users provide the same password as before, the request will still succeed.
There is an option "unique_last_password_count" that can limit users' passwords. But the value is 2 at least. It means that it can only forbid users changing their password like: pw1 -> pw2 -> pw1. But the case pw1 -> pw1 is not covered.
There are two ways to solve the problem IMO:
1. Forbid users changing their password like pw1 -> pw1 by default in Keystone.
2. Or make the minimum of "unique_last_password_count" 0. Setting it to 1 means users can't change their password like pw1 -> pw1.
The first option may be better, since in actual use cases, changing pw1 to pw1 is stupid and useless. What's more, the CLI has already forbidden this action. |
|
2018-08-21 06:29:05 |
wangxiyuan |
description |
When users change their password, we hope that they use a new password instead. But actually now, even if users provide the same password as before, the request will still succeed.
There is an option "unique_last_password_count" that can limit users' passwords. But the value is 2 at least. It means that it can only forbid users changing their password like: pw1 -> pw2 -> pw1. But the case pw1 -> pw1 is not covered.
There are two ways to solve the problem IMO:
1. Forbid users changing their password like pw1 -> pw1 by default in Keystone.
2. Or make the minimum of "unique_last_password_count" 0. Setting it to 1 means users can't change their password like pw1 -> pw1.
The first option may be better, since in actual use cases, changing pw1 to pw1 is stupid and useless. What's more, the CLI has already forbidden this action. |
The config option "unique_last_password_count" can limit users' password history. But the value is 2 at least (1 means no limit). It means that the user needs to change the password at least twice. The case "pw1 -> pw2 -> pw1" is not covered.
We should make the minimum of "unique_last_password_count" 0. Setting it to 1 means users can't change their password like pw1 -> pw1, but can do "pw1 -> pw2 -> pw1". |
|
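As an added example (not code from the Keystone bug report or from Keystone itself), a Python model of the semantics proposed above for unique_last_password_count: 0 disables the history check, 1 rejects pw1 -> pw1 while still allowing pw1 -> pw2 -> pw1, and N rejects any of the last N passwords with the current one included. The PBKDF2 hashing, the PasswordHistory class and the per-entry salts are stand-ins constructed for this example, not Keystone's password hasher or schema.

```python
import hashlib
import hmac
import os
from typing import List, Tuple

# Stand-in for Keystone's password hasher (constructed for this example):
# one (salt, digest) pair per stored password, as a real hash record would hold.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 20_000)

def matches(password: str, entry: Tuple[bytes, bytes]) -> bool:
    # Re-hash with that record's own salt and compare in constant time.
    salt, digest = entry
    return hmac.compare_digest(hash_password(password, salt), digest)

class PasswordHistory:
    """A user's password records, newest first; index 0 is the current password."""

    def __init__(self, initial_password: str) -> None:
        self.entries: List[Tuple[bytes, bytes]] = []
        self._store(initial_password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.insert(0, (salt, hash_password(password, salt)))

    def change_password(self, new_password: str, unique_last_password_count: int) -> bool:
        """Apply the semantics proposed in the bug report.

        0 -> history check disabled
        1 -> the new password must differ from the current one (pw1 -> pw1 rejected)
        N -> it must differ from the last N passwords, the current one included
        Returns True and records the change, or False and leaves history untouched.
        """
        if unique_last_password_count < 0:
            raise ValueError("unique_last_password_count must be >= 0")
        recent = self.entries[:unique_last_password_count]  # empty slice when 0
        if any(matches(new_password, entry) for entry in recent):
            return False
        self._store(new_password)
        return True
```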