|
...
|
...
|
@@ -127,6 +127,12 @@ KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS=${KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS:-2}
|
|
127
|
127
|
KEYSTONE_LOCKOUT_DURATION=${KEYSTONE_LOCKOUT_DURATION:-5}
|
|
128
|
128
|
KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT=${KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT:-2}
|
|
129
|
129
|
|
|
|
130
|
+# Number of bcrypt hashing rounds, increasing number exponentially increases required
|
|
|
131
|
+# resources to generate password hash. This is very effective way to protect from
|
|
|
132
|
+# bruteforce attacks. 4 is minimal value that can be specified for bcrypt and
|
|
|
133
|
+# it works way faster than default 12. Minimal value is great for CI and development
|
|
|
134
|
+# however may not be suitable for real production.
|
|
|
135
|
+KEYSTONE_PASSWORD_HASH_ROUNDS=${KEYSTONE_PASSWORD_HASH_ROUNDS:-4}
|
|
130
|
136
|
|
|
131
|
137
|
# Functions
|
|
132
|
138
|
# ---------
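Review bot: The new default of 4 for `KEYSTONE_PASSWORD_HASH_ROUNDS` is the bcrypt minimum, and an overridden value is not checked before it is used, so a non-numeric or out-of-range override is only caught, if at all, when keystone reads its config. The comment says the value "may not be suitable for real production"; a firmer wording would serve anyone copying these settings, e.g. `# CI/development only: for real deployments keep the default of 12 or raise it.` A one-line guard after the assignment, such as `[[ "$KEYSTONE_PASSWORD_HASH_ROUNDS" =~ ^[0-9]+$ ]] || echo "KEYSTONE_PASSWORD_HASH_ROUNDS must be an integer" >&2`, would surface a bad override at the point where it is set.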
|
|
...
|
...
|
@@ -225,6 +231,7 @@ function configure_keystone {
|
|
225
|
225
|
fi
|
|
226
|
226
|
|
|
227
|
227
|
iniset $KEYSTONE_CONF identity driver "$KEYSTONE_IDENTITY_BACKEND"
|
|
|
228
|
+ iniset $KEYSTONE_CONF identity password_hash_rounds $KEYSTONE_PASSWORD_HASH_ROUNDS
|
|
228
|
229
|
iniset $KEYSTONE_CONF assignment driver "$KEYSTONE_ASSIGNMENT_BACKEND"
|
|
229
|
230
|
iniset $KEYSTONE_CONF role driver "$KEYSTONE_ROLE_BACKEND"
|
|
230
|
231
|
iniset $KEYSTONE_CONF resource driver "$KEYSTONE_RESOURCE_BACKEND"
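Review bot: The added `iniset` line passes `$KEYSTONE_PASSWORD_HASH_ROUNDS` unquoted, while the neighbouring lines quote their values; an override containing whitespace would shift the arguments, so it should read `iniset $KEYSTONE_CONF identity password_hash_rounds "$KEYSTONE_PASSWORD_HASH_ROUNDS"`. The value is also written without regard to which hash algorithm is configured. As far as I know, keystone reads the same option as the work factor for its other password hash algorithms, where 4 would be far weaker than it is for bcrypt. If `password_hash_algorithm` can be changed elsewhere in this script or by local config, a comment here saying the default assumes bcrypt would help. `configure_keystone` starts and ends outside this hunk, so whether the algorithm is pinned elsewhere is not visible here.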
|