Keystone Account Password RulesΒΆ

StarlingX OpenStack enforces a set of strength requirements for new or changed passwords.

By default, the following rules apply:

  • The password must be at least 12 characters long.

  • You cannot reuse the last 5 passwords in history.

  • The password must contain:

    • at least one lower-case character

    • at least one upper-case character

    • at least one numeric character

    • at least one special character

The Keystone service can be configured to use customized password rules. For more information, see the keystone documentation: Configuring password strength requirements.

The steps below can be used as a reference to update the Keystone service via helm-override to customize the password rules and their description.

  1. Create the yaml override file with the following contents:

    conf:
        keystone:
            security_compliance:
                password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
                password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
                unique_last_password_count = 5
    
  2. Update the Keystone helm overrides.

    system helm-override-update stx-openstack keystone openstack --reuse-values --values keystone-password-override.yaml
  3. Apply the new overrides.

    system application-apply stx-openstack
  4. Wait for apply to complete.

    watch system application-list