Keystone should add password_status attribute to user
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Invalid | Undecided | Unassigned | |
Bug Description
Keystone should add password_status attribute to user. Status may include: expired, expire_soon, locked.
expired/
Keystone should warn about a user's password being expired or expiring soon (7 days later or configurable). An administrator can list all the users to see if their passwords are expired or going to expire soon, then show it on some management UI or send email to them.
locked:
When a user's password is locked, keystone should show it via the user information. Since keystone has fixed a user guessing security vulnerability (
By adding a "locked" password status to user info, a login UI can decide if the authentication failure is caused by invalid password or password lock.
This seems like a request for enhancement instead of a bug. Please submit this as a spec to the keystone-spec repo:
https://opendev.org/openstack/keystone-specs
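The expired / expire_soon listing described in the report can be computed on the client from the `password_expires_at` field that Keystone's v3 user objects already carry. The sketch below is an added example, not Keystone code: the sample users are constructed, and the function names and the `no_expiry` and `ok` labels are hypothetical. It does not cover the "locked" status.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the "users" list from GET /v3/users.
SAMPLE_USERS = [
    {"id": "u1", "name": "alice", "password_expires_at": "2024-01-01T00:00:00.000000"},
    {"id": "u2", "name": "bob", "password_expires_at": "2024-03-05T12:00:00.000000"},
    {"id": "u3", "name": "carol", "password_expires_at": "2024-06-01T00:00:00.000000"},
    {"id": "u4", "name": "svc-backup", "password_expires_at": None},
]


def parse_expiry(value):
    """Parse a UTC timestamp string; None means the password never expires."""
    if value is None:
        return None
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def password_status(user, now, warn_days=7):
    """Classify one user record; warn_days is the configurable warning window."""
    expires = parse_expiry(user.get("password_expires_at"))
    if expires is None:
        return "no_expiry"      # hypothetical label: expiry not enforced for this user
    if expires <= now:
        return "expired"
    if expires - now <= timedelta(days=warn_days):
        return "expire_soon"
    return "ok"                 # hypothetical label: outside the warning window


def report(users, now, warn_days=7):
    """Return {status: [user names]} for the users an administrator should contact."""
    out = {"expired": [], "expire_soon": []}
    for user in users:
        status = password_status(user, now, warn_days)
        if status in out:
            out[status].append(user["name"])
    return out


if __name__ == "__main__":
    print(report(SAMPLE_USERS, datetime(2024, 3, 1, tzinfo=timezone.utc)))
```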