Comment 9 for bug 1795800

Colleen Murphy (krinkle) wrote: Re: Username enumeration via response timing difference

I disagree that this is too hard to fix. In fact I'm fairly sure I found it already:

http://git.openstack.org/cgit/openstack/keystone/tree/keystone/auth/plugins/core.py?h=stable/pike#n174

We do a user lookup long before bothering to try to validate the password. The fix is to continue to go through the motions of trying to validate the password while keeping track of the fact that the user is already unauthorized. This is independent of hardware and caching mechanisms.

The performance slowdown would only occur for invalid authentication, not for valid ones, so I think it's an acceptable hit.
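The pattern described in this comment, as an added illustration that is not Keystone's code: a leaky routine that looks the user up and returns before the password hash is ever computed, beside a version that always performs the hash computation and only then combines the "user exists" and "password matches" results. The user store, the sample user and the dummy credential are constructed for the example; PBKDF2 stands in for whatever password hasher a real deployment uses, and a call counter replaces wall-clock timing so the difference in work done is checkable deterministically.

```python
"""Constant-path password verification (added example, not Keystone's code)."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 100_000  # assumption: any deliberately slow hasher behaves the same

# Counter so a test can confirm the expensive step ran on every code path.
hash_calls = 0


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the password hash; this is the slow step an early return skips."""
    global hash_calls
    hash_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def reset_hash_calls() -> None:
    global hash_calls
    hash_calls = 0


def make_user(password: str):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample user store: username -> (salt, hash). Not real data.
USERS = {"alice": make_user("correct horse battery staple")}
reset_hash_calls()

# Dummy credential used when the username is unknown, so the hasher still runs.
# The dummy password is random and never disclosed, so it cannot be matched on purpose.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(secrets.token_hex(32), _DUMMY_SALT)
reset_hash_calls()


def authenticate_leaky(username: str, password: str) -> bool:
    """Looks the user up first and returns before hashing for unknown usernames.

    An unknown username therefore answers much faster than a known username
    with a wrong password, which is the timing difference the bug describes.
    """
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)


def authenticate_constant_path(username: str, password: str) -> bool:
    """Always runs the hasher and the comparison, remembering separately that
    the user was unknown, as the comment proposes."""
    record = USERS.get(username)
    user_known = record is not None
    salt, stored = record if user_known else (_DUMMY_SALT, _DUMMY_HASH)
    password_ok = hmac.compare_digest(hash_password(password, salt), stored)
    # Decide only after both steps; an unknown user is rejected whatever password_ok is.
    return user_known and password_ok


def kdf_calls_for(auth_fn, username: str, password: str) -> int:
    """Return how many times the hasher ran during one authentication attempt."""
    reset_hash_calls()
    auth_fn(username, password)
    return hash_calls
```

`kdf_calls_for(authenticate_leaky, "nobody", "x")` is 0 while every other combination is 1, which is the asymmetry the constant-path version removes: unknown and known usernames now cost the same hash computation, and only invalid attempts pay for it, matching the performance trade-off the comment describes.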