Hi, I have the same problem as Peter, I currently have several LDAP uid with 2 characters.
So, I would like to know if there is still this three-characters limit into Gitorious. If not, is there a config parameter somewhere to adjust this limit ? Cheers, Thomas. Thomas Chemineau 2012/9/25 Marius Mårnes Mathiesen <[email protected]> > On Mon, Sep 24, 2012 at 2:47 PM, Ken Dreyer <[email protected]> wrote: > >> On Mon, Sep 24, 2012 at 3:37 AM, Marius Mårnes Mathiesen >> <[email protected]> wrote: >> > Although I wasn't around at the time, I would think it either had to do >> with >> > a higher probabilty for uniqueness with a three char username or the >> risk of >> > brute force attacks on shorter usernames? >> >> Thank you. Do you think this is still valid? In other words, would you >> take a patch that drops the username limit from 3 to 2? To address any >> brute-force concerns, maybe the password minimum character limit >> should be increased. >> > > I agree, I'm quite sure such a patch would be accepted :-) > > >> On Mon, Sep 24, 2012 at 5:30 AM, Peter Kjellerstedt >> <[email protected]> wrote: >> > You might want to consider making this configurable, given that you >> cannot >> > influence what user names are already in use >> >> Gitorious has so many configuration options already, so perhaps we >> should just change the limit from 3 to 2 and reduce the number of code >> paths to test? >> > > Agreed. > > On Mon, Sep 24, 2012 at 5:41 AM, Marius Mårnes Mathiesen >> <[email protected]> wrote: >> > Side note: we're going to have to make some changes to how usernames are >> > validated when using an external authentication provider (like LDAP) >> anyway. >> > We currently substitute any dots in usernames with a dash, but the >> problem >> > here is that this is a lossy process. We have seen LDAP directories >> which >> > use both dashes and dots. One thing to do could be to be more liberal >> when >> > using external authentication systems; do any of you have any thoughts >> on >> > this - eg. what kind of real-world use cases we will need in this >> regard? >> >> Good question. I support Gitorious for a multi-realm Active Directory >> environment. Currently Gitorious' Kerberos+LDAP authentication is only >> enabled for one of the domains, but down the road I want to open it up >> to support users from multiple domains. This will entail supporting >> Gitorious usernames with "@" signs. I've been meaning to look into >> what exactly is blocking "@" signs in Gitorious - I wasn't sure if the >> restriction is related to Rails or not. >> > > Thanks for the input. The only restriction I still remember the motivation > for wrt usernames is the dot: Rails treats dots anywhere in a URL > specially, I think because of the convention of using it to specify a > format. If you'd care experimenting with allowing and using @'s in > usernames I'd love to hear how this works for you. > > Cheers, > - Marius > > -- > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > -- -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "Gitorious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
