Reviewed: https://review.openstack.org/398571
Committed:
https://git.openstack.org/cgit/openstack/keystone/commit/?id=4f1af9451b7647b37c912629cbb97eacb5047266
Submitter: Jenkins
Branch: master
commit 4f1af9451b7647b37c912629cbb97eacb5047266
Author: Ronald De Rose <ronald.de.r...@intel.com>
Date: Wed Nov 16 20:31:35 2016 +0000
Lockout ignore user list
This patch adds a way for operators to ignore the lockout validation for
specific users, such as service users.
Closes-Bug: #1642348
Change-Id: I9d48578bc6b4f84acbaaa4251b59ffef10d58d8e
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1642348
Title:
Attack could lockout a service account
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
If security_compliance lockout_failure_attempts is enabled, an
attacker could lockout a service account by repeatedly failing
authentication for that service. For example:
# export OS_USERNAME=nova
# export OS_PASSWORD=fail
# while true; do openstack token issue; done
The nova service would eventually be locked out and would fail
authentication until the lockout duration ended or an admin re-enabled
the user account.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1642348/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
