diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst index 76048124ac..cc9d7f9b0a 100644 --- a/doc/source/configuration/settings.rst +++ b/doc/source/configuration/settings.rst @@ -1183,6 +1183,19 @@ supported image formats. Keystone -------- +ALLOW_USERS_CHANGE_EXPIRED_PASSWORD +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. versionadded:: 16.0.0(Train) + +Default: ``True`` + +When enabled, this setting lets users change their password after it has +expired or when it is required to be changed on first use. Disabling it will +force such users to either use the command line interface to change their +password, or contact the system administrator. + + AUTHENTICATION_PLUGINS ~~~~~~~~~~~~~~~~~~~~~~ diff --git a/openstack_auth/defaults.py b/openstack_auth/defaults.py index a72141b47f..8cb89cfa07 100644 --- a/openstack_auth/defaults.py +++ b/openstack_auth/defaults.py @@ -72,6 +72,11 @@ SECURE_PROXY_ADDR_HEADER = False # contact an admin to change their password. PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS = -1 +# Horizon can prompt the user to change their password when it is expired +# or required to be changed on first use. This is enabled by default, but +# can be disabled if not desired. +ALLOW_USERS_CHANGE_EXPIRED_PASSWORD = True + OPENSTACK_KEYSTONE_ADMIN_ROLES = ['admin'] OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False # Set this to True if you want available domains displayed as a dropdown menu diff --git a/releasenotes/notes/bp-allow-users-change-expired-password-19223784fdf5059b.yaml b/releasenotes/notes/bp-allow-users-change-expired-password-19223784fdf5059b.yaml new file mode 100644 index 0000000000..35804c0192 --- /dev/null +++ b/releasenotes/notes/bp-allow-users-change-expired-password-19223784fdf5059b.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Users can now change their password when it expires or is required to be + changed on the first use. A new setting ALLOW_USERS_CHANGE_EXPIRED_PASSWORD + has been added allowing administrators to disable that feature.