The keystone.conf gives no guidelines as to the minimum and maximum values of crypt_strength in keystone.conf. If set too high or low, the user creation will fail. The min, max is defined in https://pythonhosted.org/passlib/lib/passlib.hash.sha512_crypt.html, but this info is not indicated in keystone.
To recreate:
- install devstack (I ran keystone without mod_wsgi in my case, don't think its relevant though)
- change crypt_strength value to 500 in keystone.conf
- login to horizon
- click on Identity -> Users
- click Create User
- enter any values you want for the new user
- Notice the creation of the user fails. The keystone log contains the following ValueError. http://paste.openstack.org/show/425692/
I believe similar errors would occur when setting admin_port, public_port, and pydev-debug-port outside the range of 1-65535
Reviewed: https:/ /review. openstack. org/212373 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=72368d98b4b aad06f134e80f72 87a410a1a06799
Committed: https:/
Submitter: Jenkins
Branch: master
commit 72368d98b4baad0 6f134e80f7287a4 10a1a06799
Author: Eric Brown <email address hidden>
Date: Wed Aug 12 23:35:45 2015 -0700
Use min and max on IntOpt option types
* Set crypt_strength min and max according to passlib API paste.openstack .org/show/ 427243/
documentation minimum and a reasonable maximum. Used the following
as a guide: http://
* Set a minimum appropriate key_size of keys used for certificates
* pydev-debug-port, public_port, and admin_port min max set according
to the range available for a TCP port.
Closes-Bug: #1487960
Change-Id: I71112c569b9658 96a409c5f8559c3 8488c2249c9