Keystone Account Password Rules

StarlingX OpenStack enforces a set of strength requirements for new or changed passwords.

By default, the following rules apply:

• The password must be at least seven characters long.

• You cannot reuse the last 2 passwords in history.

• The password must contain:

  • at least one lower-case character

  • at least one upper-case character

  • at least one numeric character

  • at least one special character

The Keystone service can be configured to use customized password rules. For more information, see the keystone documentation: Configuring password strength requirements.

The steps below can be used as a reference to update the Keystone service via helm-override to customize the password rules and their description.

1. Create the yaml override file with the following contents:

   conf:
       keystone:
           security_compliance:
               password_regex: ^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{12,}$
               password_regex_description: Password must have a minimum length of 12 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character
               unique_last_password_count = 5
   

2. Update the Keystone helm overrides.

   system helm-override-update stx-openstack keystone openstack --reuse-values --values keystone-password-override.yaml

3. Apply the new overrides.

   system application-apply stx-openstack

4. Wait for apply to complete.

   watch system application-list