Allow exempting users from certain PCI-DSS requirements in Clarity
Keystone supports marking users as exempt from the following security requirements:
* [Authentication lockout failure limit|https://docs.openstack.org/keystone/pike/admin/identity-security-compliance.html#setting-an-account-lockout-threshold]
* [Force users to change password upon first use|https://docs.openstack.org/keystone/pike/admin/identity-security-compliance.html#force-users-to-change-password-upon-first-use]
* [Password expiration after X days|https://docs.openstack.org/keystone/pike/admin/identity-security-compliance.html#configuring-password-expiration]
Clarity should support marking users as exempt from these requirements in both the New User and Edit User workflows.
*PATCH /v3/users/{user_id}*
{code:json}
{
"user": {
"options": {
"ignore_change_password_upon_first_use": true,
"ignore_lockout_failure_attempts": true,
"ignore_password_expiry": true
}
}
}
{code}
* [Authentication lockout failure limit|https://docs.openstack.org/keystone/pike/admin/identity-security-compliance.html#setting-an-account-lockout-threshold]
* [Force users to change password upon first use|https://docs.openstack.org/keystone/pike/admin/identity-security-compliance.html#force-users-to-change-password-upon-first-use]
* [Password expiration after X days|https://docs.openstack.org/keystone/pike/admin/identity-security-compliance.html#configuring-password-expiration]
Clarity should support marking users as exempt from these requirements in both the New User and Edit User workflows.
*PATCH /v3/users/{user_id}*
{code:json}
{
"user": {
"options": {
"ignore_change_password_upon_first_use": true,
"ignore_lockout_failure_attempts": true,
"ignore_password_expiry": true
}
}
}
{code}
-
Guest
- Jun 3 2019
Related ideas
