POST /users allows creation of user with no password
Bug #843186 reported by
klmitch
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Unassigned |
Bug Description
Creating a user without a password should not be possible. It is.
To post a comment you must log in.
I get the nasty security implications, but there may be an underlying store somewhere configured to allow that and we want Keystone to support any underlying store and allow the store to set policies and accept/reject requests.
If you agree with the above, but would still like the reference store implemented on SQLite to not allow that we can make it so... lemme know...