Public bug reported:
ignore_password_expiry is set for admin user and is not working
properly. With it set to true, the user should not be affected if their
password has expired.
keystone.conf:
[cache]
# Global toggle for caching. (boolean value)
enabled = false
[security_compliance]
# Configuring password expiration
password_expires_days = 1
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:29 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2017-05-03T21:41:53+0000
|
| id |
gAAAAABZCk6NvFEKGZuUxYrij80hLxFU3mw0s0qYR8N6ekNZ6vok-Cnto1pDZSSoJ7JJOwDRGUCzNjYCCyHmqx-kllUpcNFDpPU-eC72Ni5PEqlV9ZVFvVjkmnXLp6b2uplacYafyEFbFeHJAfEdOY8hQDgDCqO3zbaOx-FGs4XWDLbVMv5bz8c
|
| project_id | 2a642e78f42f43ce8458974e7c6aded4
|
| user_id | 8cff3292355d4571a7cb7c5165c4cc73
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ openstack user show
8cff3292355d4571a7cb7c5165c4cc73
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| domain_id | default
|
| enabled | True
|
| id | 8cff3292355d4571a7cb7c5165c4cc73
|
| name | admin
|
| options | {'ignore_lockout_failure_attempts': True,
'ignore_password_expiry': True, 'ignore_change_password_upon_first_use': True} |
| password_expires_at | 2017-05-04T21:04:24.000000
|
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:44 UTC 2017
[[ Manually updated system date +1d ]]
(demo) samueldmq@workstation:~/workspace$ date -u
Qui Mai 4 21:41:55 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
The password is expired and needs to be changed for user:
8cff3292355d4571a7cb7c5165c4cc73. (HTTP 401) (Request-ID:
req-278ccb52-582e-426d-a58d-5ba3a297eeaf)
Environment:
- Ubuntu 14.04 LTS
- Using virtualenv-15.0.1 with Python 3.5
- keystone master version
- python-openstackclient master version
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1688123
Title:
ignore_password_expiry is not honored
Status in OpenStack Identity (keystone):
New
Bug description:
ignore_password_expiry is set for admin user and is not working
properly. With it set to true, the user should not be affected if
their password has expired.
keystone.conf:
[cache]
# Global toggle for caching. (boolean value)
enabled = false
[security_compliance]
# Configuring password expiration
password_expires_days = 1
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:29 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2017-05-03T21:41:53+0000
|
| id |
gAAAAABZCk6NvFEKGZuUxYrij80hLxFU3mw0s0qYR8N6ekNZ6vok-Cnto1pDZSSoJ7JJOwDRGUCzNjYCCyHmqx-kllUpcNFDpPU-eC72Ni5PEqlV9ZVFvVjkmnXLp6b2uplacYafyEFbFeHJAfEdOY8hQDgDCqO3zbaOx-FGs4XWDLbVMv5bz8c
|
| project_id | 2a642e78f42f43ce8458974e7c6aded4
|
| user_id | 8cff3292355d4571a7cb7c5165c4cc73
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ openstack user show
8cff3292355d4571a7cb7c5165c4cc73
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
| domain_id | default
|
| enabled | True
|
| id | 8cff3292355d4571a7cb7c5165c4cc73
|
| name | admin
|
| options | {'ignore_lockout_failure_attempts': True,
'ignore_password_expiry': True, 'ignore_change_password_upon_first_use': True} |
| password_expires_at | 2017-05-04T21:04:24.000000
|
+---------------------+--------------------------------------------------------------------------------------------------------------------------+
(demo) samueldmq@workstation:~/workspace$ date -u
Qua Mai 3 21:41:44 UTC 2017
[[ Manually updated system date +1d ]]
(demo) samueldmq@workstation:~/workspace$ date -u
Qui Mai 4 21:41:55 UTC 2017
(demo) samueldmq@workstation:~/workspace$ openstack token issue
The password is expired and needs to be changed for user:
8cff3292355d4571a7cb7c5165c4cc73. (HTTP 401) (Request-ID:
req-278ccb52-582e-426d-a58d-5ba3a297eeaf)
Environment:
- Ubuntu 14.04 LTS
- Using virtualenv-15.0.1 with Python 3.5
- keystone master version
- python-openstackclient master version
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1688123/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
