scottk/openstack-helm
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/openstack-helm.git synced 2025-12-25 17:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enable keystone brute-force protection by default

Browse Source 
This change sets lockout_failure_attempts and lockout_duration
configuration options in security_compliance group.

Change-Id: I72910e52239ace23b92d826794cd0603a061e6c3
This commit is contained in:
Vladyslav Drok
2018-12-17 10:29:49 -08:00
parent c90df9d6d5
commit df336272f0
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
keystone/values.yaml
View File

@@ -430,6 +430,10 @@ conf:
backend: dogpile.cache.memcached
oslo_messaging_notifications:
driver: messagingv2
security_compliance:
# NOTE(vdrok): The following two options have effect only for SQL backend
lockout_failure_attempts: 5
lockout_duration: 1800
# NOTE(lamt) We can leverage multiple domains with different
# configurations as outlined in
# https://docs.openstack.org/keystone/pike/admin/identity-domain-specific-config.html.