-
Story
-
Resolution: Unresolved
-
Medium
-
None
-
None
Original:
ONAP MUST, if not integrated with the Operator’s Identity and Access Management system, comply with “password complexity” policy. When passwords are used, they shall be complex and shall at least meet the following password construction requirements: (1) be a minimum configurable number of characters in length, (2) include 3 of the 4 following types of characters: upper-case alphabetic, lower-case alphabetic, numeric, and special, (3) not be the same as the UserID with which they are associated or other common strings as specified by the environment, (4) not contain repeating or sequential characters or numbers, (5) not to use special characters that may have command functions, and (6) new passwords must not contain sequences of three or more characters from the previous password.
Requirement is removed. Motivation:
- Authentication is not in the scope of ONAP, but shall be externalized.
- Exception: the ONAP super-user default account.