Any thoughts on this? It seems complex to me, but I most of the complexity is in the dual-login setup, which I think really is important. The username fiddling probably won't be too much additional work.
On 9/19/13 5:38 PM, Dave Brondsema wrote: > Before we move tickets over, I think we should have a good login system > that'll > work long-term. > > I would like to support ASF committers logging in via ASF LDAP (infrastructure > can set up an auth proxy in front of Allura). If Allura gains popularity > among > other projects in Apache (and I hope it does), we could have a lot of ASF > users > on it, and managing that through the official LDAP system will help a lot. > > I think we'll also want anyone to be able to create an account so that they > can > report a bug, make a comment, etc. > > Setting up an auth provider which can handle both would be ideal. A problem, > though is username conflicts. Even if we prevent users from registering with > usernames that match existing ASF accounts, we could have a future problem if > a > new ASF committer chooses a username that a "regular" person has on Allura > already. > > A possible solution is to "namespace" the usernames so that these two are > separate and can't conflict. An underscore "_" is not allowed in ASF > usernames, > so it could be automatically appended to all "regular" Allura usernames (on > forge-allura.a.o instance only of course). Or we could put something on all > ASF > committer usernames like an "asf-" prefix. I prefer to keep the ASF committer > usernames unchanged since they will be the biggest potential users of Allura, > so > I'd go with johndoe_ format for non-ASF accounts on our instance of Allura. > > Messing with people's usernames is kind of ugly, but at least with them > separated we'll have a clear distinction between the types and thus be able to > make changes later, if needed. > > Thoughts, or better ideas? > > If we agree, we can begin working on this in a custom authentication provider. > > > > > -- Dave Brondsema : d...@brondsema.net http://www.brondsema.net : personal http://www.splike.com : programming <><
