Comment 4 for bug 1175906

Thanks TTX.

My initial feeling is that truncating input is not the way to go. Indeed I seem to remember Microsoft getting lambasted for this many years ago (although the trucation was somewhat more extreme). My objection is on the basis that a client who believes they have a certain amount of complexity in their password should have confidence that this complexity is maintained in Keystone.

Making this option configurable and providing appropriate guidance seems prudent. Is there scope for throttling authentication attempts from tenants as an additional compensating control against this potential DoS ?