Keystone Account Password RulesΒΆ
StarlingX OpenStack enforces a set of strength requirements for new or changed passwords.
By default, the following rules apply:
The password must be at least 12 characters long.
You cannot reuse the last 5 passwords in history.
The password must contain:
at least one lower-case character
at least one upper-case character
at least one numeric character
at least one special character
The Keystone service can be configured to use customized password rules. For more information, see the keystone documentation: Configuring password strength requirements.
The steps below can be used as a reference to update the Keystone service via
helm-override
to customize the password rules and their description.
Create the yaml override file with the following contents:
conf: keystone: security_compliance: password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$ password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character unique_last_password_count = 5
Update the Keystone helm overrides.
system helm-override-update stx-openstack keystone openstack --reuse-values --values keystone-password-override.yaml
Apply the new overrides.
system application-apply stx-openstack
Wait for apply to complete.
watch system application-list