Reviewed: https://review.openstack.org/425507 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0b3e59e0411c546539d8f17e81af3a04c5f46f90 Submitter: Jenkins Branch: master
commit 0b3e59e0411c546539d8f17e81af3a04c5f46f90 Author: Ronald De Rose <ronald.de.r...@intel.com> Date: Thu Jan 26 03:07:44 2017 +0000 PCI-DSS Force users to change password upon first use "PCI-DSS 8.2.6 Set passwords/passphrases for first-time use and upon reset to a unique value for each user, and change immediately after the first use" [1]. I'll update the docs in a subsequent patch. [1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf Closes-Bug: #1645487 Change-Id: I5575dbd6d63d41014a7468acd6bdf0175d791618 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1645487 Title: Missing PCI-DSS 8.2.6 requiring users to change their password upon first use Status in OpenStack Identity (keystone): Fix Released Bug description: PCI-DSS 8.2.6 requires that users immediately change their password upon first use [1]. However, this requirement was missed in the PCI- DSS spec and implementation [2]. PCI-DSS 8.2.6 needs to be implemented in order for Keystone to be PCI compliant. [1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf [2] https://github.com/openstack/keystone-specs/blob/master/specs/keystone/newton/pci-dss.rst To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1645487/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp