Enable keystone brute-force protection by default
This change sets lockout_failure_attempts and lockout_duration configuration options in security_compliance group. Change-Id: I72910e52239ace23b92d826794cd0603a061e6c3
This commit is contained in:
parent
c90df9d6d5
commit
df336272f0
@ -430,6 +430,10 @@ conf:
|
||||
backend: dogpile.cache.memcached
|
||||
oslo_messaging_notifications:
|
||||
driver: messagingv2
|
||||
security_compliance:
|
||||
# NOTE(vdrok): The following two options have effect only for SQL backend
|
||||
lockout_failure_attempts: 5
|
||||
lockout_duration: 1800
|
||||
# NOTE(lamt) We can leverage multiple domains with different
|
||||
# configurations as outlined in
|
||||
# https://docs.openstack.org/keystone/pike/admin/identity-domain-specific-config.html.
|
||||
|
Loading…
x
Reference in New Issue
Block a user