The vague details on the server side are intentional, as there are many reasons authentication could have failed, including the user does not exist or is disabled, their project or domain does not exist or is disabled, or they're using an auth method like token, application_credential, trust, or external that failed in some other way. "bad username or password" wouldn't apply to those cases, and we don't want to get too specific about the failure since that gives more power to attackers.
However we could have keystoneauth override the message from keystone and say "Failed to authenticate" (omitting "due to...") if that is less confusing than "requires authentication".
The error message comes from keystone, not from keystoneauth:
https:/ /opendev. org/openstack/ keystone/ src/commit/ 3b13b4e5e7d72c2 eaef470d0f84537 a279e10e43/ keystone/ exception. py#L281
The vague details on the server side are intentional, as there are many reasons authentication could have failed, including the user does not exist or is disabled, their project or domain does not exist or is disabled, or they're using an auth method like token, application_ credential, trust, or external that failed in some other way. "bad username or password" wouldn't apply to those cases, and we don't want to get too specific about the failure since that gives more power to attackers.
However we could have keystoneauth override the message from keystone and say "Failed to authenticate" (omitting "due to...") if that is less confusing than "requires authentication".