Comment 0 for bug 1838100

Yang Liu (yliu12) wrote:

Brief Description
-----------------
The platform keystone account lockout feature is disabled.
Note that in stx-openstack keystone, this is enabled properly. I would expect the platform keystone to be at least as secure as the containerized keystone.

To enable this feature, account lockout values need to be set in the platform /etc/keystone/keystone.conf.
OpenStack link to this feature:
https://docs.openstack.org/tripleo-docs/latest/install/advanced_deployment/keystone_security_compliance.html

Severity
--------
Major

Steps to Reproduce
------------------
TC-name: test_keystone_user_password_rules
1. Create a platform keystone user and assign a role to it
2. Run an openstack command with this user using the correct password, and ensure it works
3. Run an openstack command with this user using an incorrect password multiple times (5+)
4. Run an openstack command with this user using the correct password again

Expected Behavior
------------------
3. The user should be locked out
4. The openstack command fails to execute even with the correct password due to the account lockout

Actual Behavior
----------------
3. The account is not locked
4. The openstack command ran successfully

Reproducibility
---------------
Reproducible

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
stx master as of "20190726T013000Z"

Last Pass
---------
Unknown.
Previous keystone testing was against stx-openstack, which works as expected.
After adding similar tests for platform keystone, this issue was uncovered.

Timestamp/Logs
--------------
This is very easy to reproduce.

Test Activity
-------------
Regression Testing
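As an added example (not part of the bug report and not StarlingX's own code), the following script audits a keystone.conf for the `[security_compliance]` lockout options the report refers to and shows the disabled configuration beside a hardened one. The option names `lockout_failure_attempts` and `lockout_duration` and the 1800-second default are keystone's; the two config samples are constructed to mirror what the report describes, and the chosen values (5 attempts, 1800 seconds) are assumptions, not a StarlingX recommendation. Keystone only enforces lockout for users in the SQL identity backend, so the check also looks at `[identity] driver`.

```python
"""Audit keystone.conf for account lockout settings (added example).

The samples below are constructed; they are not copied from a real
StarlingX deployment.
"""
import configparser
import io

# Constructed sample of what the report describes for platform keystone:
# the section exists but the lockout options are left at their commented
# defaults, so no lockout is enforced.
PLATFORM_KEYSTONE_CONF = """
[DEFAULT]
debug = false

[identity]
driver = sql

[security_compliance]
#lockout_failure_attempts = <None>
#lockout_duration = 1800
"""

# Constructed hardened sample: five failed logins lock the account for
# 30 minutes.  The numbers are an assumption for illustration.
HARDENED_KEYSTONE_CONF = """
[DEFAULT]
debug = false

[identity]
driver = sql

[security_compliance]
lockout_failure_attempts = 5
lockout_duration = 1800
"""

KEYSTONE_DEFAULT_LOCKOUT_DURATION = 1800  # keystone's documented default


def _load(conf_text):
    # interpolation=None: keystone.conf contains '%' in DB connection URLs.
    # strict=False: tolerate duplicated keys that hand-edited files pick up.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    return parser


def lockout_settings(conf_text):
    """Return a dict describing whether keystone will lock accounts.

    Keystone enables lockout only when lockout_failure_attempts is a positive
    integer, and only for the SQL identity backend (the default driver).
    """
    parser = _load(conf_text)
    driver = parser.get("identity", "driver", fallback="sql")
    attempts = parser.getint("security_compliance",
                             "lockout_failure_attempts", fallback=None)
    duration = parser.getint("security_compliance", "lockout_duration",
                             fallback=KEYSTONE_DEFAULT_LOCKOUT_DURATION)
    enabled = driver == "sql" and attempts is not None and attempts > 0
    return {"enabled": enabled, "attempts": attempts,
            "duration": duration, "identity_driver": driver}


def harden(conf_text, attempts=5, duration=1800):
    """Return conf_text rewritten with lockout values set.

    Comments are not preserved by configparser; on a live system you would
    edit the file in place (or use the deployment's config management)
    rather than overwrite it with this output.
    """
    parser = _load(conf_text)
    if not parser.has_section("security_compliance"):
        parser.add_section("security_compliance")
    parser.set("security_compliance", "lockout_failure_attempts", str(attempts))
    parser.set("security_compliance", "lockout_duration", str(duration))
    out = io.StringIO()
    parser.write(out)
    return out.getvalue()


if __name__ == "__main__":
    for name, text in (("platform (as reported)", PLATFORM_KEYSTONE_CONF),
                       ("hardened", HARDENED_KEYSTONE_CONF),
                       ("platform after harden()", harden(PLATFORM_KEYSTONE_CONF))):
        print(name, lockout_settings(text))
```

After changing the file on a controller, keystone must be restarted for the new values to take effect, and the report's steps 3 and 4 (repeated wrong passwords, then the correct one) are the functional check that the lockout is actually enforced.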