Warning log messages about password being truncated upon user update
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | New | Undecided | Unassigned | |
Bug Description
When a user is updated [1] the user object is re-instantiated from the current user object.
In this user dictionary, the password attribute is the hashed password, which can easily be more than the preconfigured 72 chars (when using `bcrypt` method). We have been running keystone since icehouse version, so we still have a lot of passwords that use the `sha512crypt` method (which was the default back then [2]), which are more than 72 chars, easy.
For example:
```
$6$rounds=
```
Please note, nothing wrong happens; the password is not actually truncated when saved or updated, as this is handled separately [3].
One way to go about it is to pop the `password` field from the `old_user_dict`, so the warning only pops up whenever a user really updates its password.
[1] https:/
[2] https:/
[3] https:/
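A minimal model of the behaviour described in this report, added here as an illustration; it is not keystone code. `build_user`, `update_user_naive`, `update_user_fixed`, `count_warnings` and the logger name are hypothetical, and the stored hash is a constructed filler string in sha512crypt layout.

```python
import logging

MAX_PASSWORD_LENGTH = 72  # the preconfigured limit named in the report
log = logging.getLogger("user_update_demo")  # hypothetical logger name

# Constructed sample in sha512crypt layout ($6$rounds=N$salt$digest);
# the salt and digest are filler characters, not a real hash.
STORED_HASH = "$6$rounds=10000$" + "s" * 16 + "$" + "h" * 86


def build_user(user_dict):
    """Stand-in for re-instantiating a user object: any 'password' value is
    length-checked as if it were plaintext, even when it is a stored hash."""
    password = user_dict.get("password")
    if password is not None and len(password.encode("utf-8")) > MAX_PASSWORD_LENGTH:
        log.warning("password exceeds %d bytes and would be truncated",
                    MAX_PASSWORD_LENGTH)
    return dict(user_dict)


def update_user_naive(old_user_dict, changes):
    # The stored hash rides along in old_user_dict and trips the check.
    return build_user({**old_user_dict, **changes})


def update_user_fixed(old_user_dict, changes):
    # Pop the stored hash from a copy first, so only a password supplied in
    # `changes` is checked. The caller's old_user_dict is left untouched.
    old = dict(old_user_dict)
    old.pop("password", None)
    return build_user({**old, **changes})


def count_warnings(update_fn, old_user_dict, changes):
    """Run one update and return how many warnings it logged."""
    records = []
    handler = logging.Handler()
    handler.emit = records.append  # collect records instead of printing them
    log.addHandler(handler)
    try:
        update_fn(old_user_dict, changes)
    finally:
        log.removeHandler(handler)
    return len(records)
```

In this model a rename with the naive update logs one spurious warning, while the fixed update logs none unless the change itself carries a password longer than the limit.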
Changed in keystone:
status: In Progress → New
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/keystone/+/915256