Warning log messages about password being truncated upon user update
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned | ||
Bug Description
When a user is updated [1] the user object is re-instantiated from the current user object.
In this user dictionary, the password attribute is the hashed password, which can easily be more than the preconfigured 72 chars (when using `bcrypt` method). We have been running keystone since icehouse version, so we still have a lot of passwords that use the `sha512crypt` method (which was the default back then [2]), which are more than 72 chars, easy.
For example:
```
$6$rounds=
```
Please note, nothing wrong happens; the password is not actually truncated when saved or updated, as this is handled separately [3].
One way to go about it, is to pop the `password` field from the `old_user_dict`, so the warning only pops up whenever a user really updates it's password.
[1] https:/
[2] https:/
[3] https:/
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #1 |
| Changed in keystone: | |
| status: | New → In Progress |
| Changed in keystone: | |
| status: | In Progress → New |
Fix proposed to branch: master
Review: https:/