openstack/openstack-helm
Code Issues Proposed changes

Merge "Enable keystone brute-force protection by default"

Browse Source
This commit is contained in:
Zuul 2018-12-19 07:24:47 +00:00 committed by Gerrit Code Review
commit 2fcfd668ad
1 changed files with 4 additions and 0 deletions

4
keystone/values.yaml

@ -439,6 +439,10 @@ conf:
backend: dogpile.cache.memcached backend: dogpile.cache.memcached
oslo_messaging_notifications: oslo_messaging_notifications:
driver: messagingv2 driver: messagingv2
security_compliance:
# NOTE(vdrok): The following two options have effect only for SQL backend
lockout_failure_attempts: 5
lockout_duration: 1800
# NOTE(lamt) We can leverage multiple domains with different # NOTE(lamt) We can leverage multiple domains with different
# configurations as outlined in # configurations as outlined in
# https://docs.openstack.org/keystone/pike/admin/identity-domain-specific-config.html. # https://docs.openstack.org/keystone/pike/admin/identity-domain-specific-config.html.