Include bad password details in audit messages
Bug #2060972 reported by
Boris Bobrov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned |
Bug Description
PCI DSS requires operators to analyze failed login attemps, for example, to catch bruteforce or password stuffing attacks. To achieve that, allow keystone to report details about the bad credentials used in the failed authentication attempts.
To post a comment you must log in.