Comment 0 for bug 2061922

Sam Morrison (sorrison) wrote :

We recently rolled out a config change to update the max_password_length to avoid all the log messages. We set this to 54 as mentioned in the release notes which we discovered was a BIG mistake as this broke everyone authenticating using existing application credentials.

There is a bit of confusion as to what to do here and the code and the release notes are inconsistent.

Upgrading to zed we got a lot of these in the logs [1]:

"Truncating password to algorithm specific maximum length 72 characters."

In the config help [2] for "max_password_length" it says:

"The bcrypt max_password_length is 72 bytes."

In the release notes [3] it says:

"Currently only bcrypt has fixed allowed lengths defined which is 54 characters."

[1] https://github.com/openstack/keystone/blob/9b0b414e3eb915c89c9786abeb1307ba734f5901/keystone/common/password_hashing.py#L89
[2] https://github.com/openstack/keystone/blob/9b0b414e3eb915c89c9786abeb1307ba734f5901/keystone/conf/identity.py#L106
[3] https://docs.openstack.org/releasenotes/keystone/zed.html
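To make the breakage described above concrete, here is an added illustration that is not code from the report or from Keystone itself: a password is cut to `max_password_length` bytes before it is hashed and again before it is verified, so a secret hashed under the 72-byte limit no longer matches once the limit is lowered to 54. The helpers (`truncate_password`, `hash_password`, `verify_password`, `demo`) are hypothetical, and PBKDF2 stands in for bcrypt because only the truncation step matters for the point.

```python
import hashlib
import hmac
import logging
import os

LOG = logging.getLogger(__name__)
ITERATIONS = 100_000  # PBKDF2 stands in for bcrypt; only truncation matters here


def truncate_password(password: str, max_length: int) -> bytes:
    """Cut the UTF-8 encoding to max_length bytes before hashing or verifying,
    mirroring the behaviour the report describes (hypothetical helper)."""
    raw = password.encode("utf-8")
    if len(raw) > max_length:
        LOG.warning("Truncating password to algorithm specific maximum "
                    "length %d characters.", max_length)
        raw = raw[:max_length]
    return raw


def hash_password(password: str, max_length: int) -> bytes:
    """Return salt || digest; only the truncated secret is hashed."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", truncate_password(password, max_length), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes, max_length: int) -> bool:
    """Verification truncates with the *current* limit, so an old hash only
    matches if the limit in force at hash time cut the secret the same way."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", truncate_password(password, max_length), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    """Constructed secrets: a 60-byte application-credential secret hashed under
    the 72 limit, then checked after max_password_length is lowered to 54."""
    long_secret, short_secret = "x" * 60, "y" * 30
    stored_long = hash_password(long_secret, 72)
    stored_short = hash_password(short_secret, 72)
    return {
        # same limit at hash and verify time: still works
        "long_verifies_at_72": verify_password(long_secret, stored_long, 72),
        # lowered limit changes the hashed input, so the stored hash no longer matches
        "long_verifies_at_54": verify_password(long_secret, stored_long, 54),
        # secrets at or below the new limit are unaffected
        "short_verifies_at_54": verify_password(short_secret, stored_short, 54),
        # the limit counts bytes, not characters: 40 two-byte characters is 80 bytes
        "utf8_bytes_of_40_chars": len(("é" * 40).encode("utf-8")),
    }
```

Any stored credential whose secret is longer than the new limit fails verification until it is re-hashed, which is why lowering the value after credentials exist is not a safe change.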