Comment 6 for bug 1175904

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/77325
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=94a2053cd05cabee2e4233ef33e1f116201d9368
Submitter: Jenkins
Branch: master

commit 94a2053cd05cabee2e4233ef33e1f116201d9368
Author: Li Ma <email address hidden>
Date: Fri Feb 28 18:54:35 2014 -0800

    Password truncation makes password insecure

    The trunc_password function attempts to correct and truncate
    the password. It is not recommended to 'fix' invalid input and
    continue on processing and logging it. Instead, a strict check
    is introduced to validate the password. If a password exceeds the
    maximum length, an HTTP 403 Forbidden error is thrown.

    In order to keep compatibility, an option 'strict_password_check'
    is also introduced to let the operator decide which method to use.

    DocImpact
    Change-Id: I560daa843b94a05412af59a059de5a98bad2925e
    Closes-Bug: #1175904
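
The difference between the two modes described in the commit message, as an added example that is not Keystone's code or part of the commit: with silent truncation, any input sharing the first `MAX_PASSWORD_LENGTH` characters verifies against the stored hash, while the strict check refuses over-long input. The function names, the 8-character limit, the salt, the PBKDF2 parameters and the status mapping are assumptions made for illustration; only the `strict_password_check` name and the 403 response come from the message above.

```python
import hashlib
import hmac

MAX_PASSWORD_LENGTH = 8  # constructed, deliberately small so the effect is visible


class PasswordTooLong(Exception):
    """Hypothetical stand-in for the HTTP 403 Forbidden in the commit message."""


def prepare_password(password, strict_password_check):
    """Return the string that will be hashed, or refuse over-long input."""
    if len(password) <= MAX_PASSWORD_LENGTH:
        return password
    if strict_password_check:
        raise PasswordTooLong("password exceeds %d characters" % MAX_PASSWORD_LENGTH)
    # Legacy behaviour: silently drop everything past the limit.
    return password[:MAX_PASSWORD_LENGTH]


def hash_password(password, salt, strict_password_check):
    prepared = prepare_password(password, strict_password_check)
    return hashlib.pbkdf2_hmac("sha256", prepared.encode("utf-8"), salt, 10000)


def login_status(candidate, salt, stored, strict_password_check):
    """Return the HTTP status a login attempt would get in this toy model."""
    try:
        digest = hash_password(candidate, salt, strict_password_check)
    except PasswordTooLong:
        return 403
    return 200 if hmac.compare_digest(digest, stored) else 401


if __name__ == "__main__":
    salt = b"constructed-salt"  # fixed only to keep the demo reproducible
    # The user believes the password is 13 characters; only 8 are stored.
    stored = hash_password("correct-horse", salt, strict_password_check=False)
    for strict in (False, True):
        print(strict, login_status("correct-WRONG", salt, stored, strict))
```

An operator switching an existing deployment to the strict mode should expect users whose passwords were truncated at creation time to receive the 403 until they log in with, or reset to, a password within the limit.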