We recently rolled out a config change to update the max_password_length to avoid all the log messages. We set this to 54 as mentioned in the release notes which we discovered was a BIG mistake as this broke everyone authenticating using existing application credentials.
There is a bit of confusion as to what to do here and the code and the release notes are inconsistent.
Upgrading to Zed, we got a lot of these in the logs [1]:
"Truncating password to algorithm specific maximum length 72 characters."
In the config help [2] for "max_password_length" it says:
"The bcrypt max_password_length is 72 bytes."
In the release notes [1] it says:
"Currently only bcrypt has fixed allowed lengths defined which is 54 characters."
[1] https://github.com/openstack/keystone/blob/9b0b414e3eb915c89c9786abeb1307ba734f5901/keystone/common/password_hashing.py#L89
[2] https://github.com/openstack/keystone/blob/9b0b414e3eb915c89c9786abeb1307ba734f5901/keystone/conf/identity.py#L106
[3] https://docs.openstack.org/releasenotes/keystone/zed.html
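The following is an added example, not part of the original report and not Keystone's code. It models the failure described above, assuming a secret is truncated to the configured limit both when it is hashed and when it is verified; PBKDF2 from the standard library stands in for bcrypt, and all function names and sample secrets are constructed for illustration.

```python
import hashlib
import hmac
import os

BCRYPT_MAX = 72  # algorithm limit quoted in the log message and the config help


def truncate(secret: str, max_password_length: int) -> bytes:
    """Cut the UTF-8 encoded secret to the effective limit (assumed model)."""
    limit = min(max_password_length, BCRYPT_MAX)
    return secret.encode("utf-8")[:limit]


def hash_secret(secret: str, max_password_length: int, salt: bytes) -> bytes:
    # PBKDF2 is a stand-in for bcrypt; only the truncation step matters here.
    data = truncate(secret, max_password_length)
    return hashlib.pbkdf2_hmac("sha256", data, salt, 1000)


def verify(secret: str, stored: bytes, salt: bytes, max_password_length: int) -> bool:
    candidate = hash_secret(secret, max_password_length, salt)
    return hmac.compare_digest(candidate, stored)


def survives_change(secret: str, old_limit: int, new_limit: int) -> bool:
    """True if a hash stored under old_limit still verifies under new_limit."""
    salt = os.urandom(16)
    stored = hash_secret(secret, old_limit, salt)
    return verify(secret, stored, salt, new_limit)


# Constructed sample secrets: one under 54 bytes, one over 72 bytes.
SHORT_SECRET = "s" * 40
LONG_SECRET = "".join(chr(97 + i % 26) for i in range(86))

if __name__ == "__main__":
    for name, secret in (("short", SHORT_SECRET), ("long", LONG_SECRET)):
        for new_limit in (72, 54):
            ok = survives_change(secret, 72, new_limit)
            print(f"{name} secret, hashed at 72, verified at {new_limit}: {ok}")
```

Under this model, any stored hash whose secret is longer than the new, lower limit stops verifying, while shorter secrets are unaffected.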