Change to Wikitech logins: Username now case-sensitive

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Change to Wikitech logins: Username now case-sensitive

Bryan Davis
A change was deployed to the Wikitech config 2019-04-15T23:16 UTC
which prevents users from logging into the wiki with a username that
differs in case from the 'cn' value for their developer account.

This change is not expected to cause problems for most users, but
there may be some people who have historically entered a username with
mismatched case (for example "bryandavis" instead of "BryanDavis") and
relied on MediaWiki and the LdapAuthentication plugin figuring things
out. This will no longer happen automatically. These users will need
to update their password managers (or brains if they are not using a
password manager) to supply the username with correct casing.

The "wrongpassword" error message on Wikitech has been updated with a
local override to help people discover this problem. See
<https://phabricator.wikimedia.org/T165795> for more details.

Bryan, on behalf of the Cloud Services team
--
Bryan Davis              Wikimedia Foundation    <[hidden email]>
[[m:User:BDavis_(WMF)]] Manager, Technical Engagement    Boise, ID USA
irc: bd808                                        v:415.839.6885 x6855

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Change to Wikitech logins: Username now case-sensitive

Andrew Otto
Great!  Is this just for Wikitech itself or all ldap/wikitech
authentication?

On Mon, Apr 15, 2019 at 7:56 PM Bryan Davis <[hidden email]> wrote:

> A change was deployed to the Wikitech config 2019-04-15T23:16 UTC
> which prevents users from logging into the wiki with a username that
> differs in case from the 'cn' value for their developer account.
>
> This change is not expected to cause problems for most users, but
> there may be some people who have historically entered a username with
> mismatched case (for example "bryandavis" instead of "BryanDavis") and
> relied on MediaWiki and the LdapAuthentication plugin figuring things
> out. This will no longer happen automatically. These users will need
> to update their password managers (or brains if they are not using a
> password manager) to supply the username with correct casing.
>
> The "wrongpassword" error message on Wikitech has been updated with a
> local override to help people discover this problem. See
> <https://phabricator.wikimedia.org/T165795> for more details.
>
> Bryan, on behalf of the Cloud Services team
> --
> Bryan Davis              Wikimedia Foundation    <[hidden email]>
> [[m:User:BDavis_(WMF)]] Manager, Technical Engagement    Boise, ID USA
> irc: bd808                                        v:415.839.6885 x6855
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Change to Wikitech logins: Username now case-sensitive

Petr Bena
Hello,

What was the reason for this change? What does it improve or fix?

On Tue, Apr 16, 2019 at 3:00 PM Andrew Otto <[hidden email]> wrote:

>
> Great!  Is this just for Wikitech itself or all ldap/wikitech
> authentication?
>
> On Mon, Apr 15, 2019 at 7:56 PM Bryan Davis <[hidden email]> wrote:
>
> > A change was deployed to the Wikitech config 2019-04-15T23:16 UTC
> > which prevents users from logging into the wiki with a username that
> > differs in case from the 'cn' value for their developer account.
> >
> > This change is not expected to cause problems for most users, but
> > there may be some people who have historically entered a username with
> > mismatched case (for example "bryandavis" instead of "BryanDavis") and
> > relied on MediaWiki and the LdapAuthentication plugin figuring things
> > out. This will no longer happen automatically. These users will need
> > to update their password managers (or brains if they are not using a
> > password manager) to supply the username with correct casing.
> >
> > The "wrongpassword" error message on Wikitech has been updated with a
> > local override to help people discover this problem. See
> > <https://phabricator.wikimedia.org/T165795> for more details.
> >
> > Bryan, on behalf of the Cloud Services team
> > --
> > Bryan Davis              Wikimedia Foundation    <[hidden email]>
> > [[m:User:BDavis_(WMF)]] Manager, Technical Engagement    Boise, ID USA
> > irc: bd808                                        v:415.839.6885 x6855
> >
> > _______________________________________________
> > Wikitech-l mailing list
> > [hidden email]
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Change to Wikitech logins: Username now case-sensitive

Petr Bena
NVM, I just figured out that MW and Gerrit was creating duplicated
accounts due to this

On Tue, Apr 16, 2019 at 3:16 PM Petr Bena <[hidden email]> wrote:

>
> Hello,
>
> What was the reason for this change? What does it improve or fix?
>
> On Tue, Apr 16, 2019 at 3:00 PM Andrew Otto <[hidden email]> wrote:
> >
> > Great!  Is this just for Wikitech itself or all ldap/wikitech
> > authentication?
> >
> > On Mon, Apr 15, 2019 at 7:56 PM Bryan Davis <[hidden email]> wrote:
> >
> > > A change was deployed to the Wikitech config 2019-04-15T23:16 UTC
> > > which prevents users from logging into the wiki with a username that
> > > differs in case from the 'cn' value for their developer account.
> > >
> > > This change is not expected to cause problems for most users, but
> > > there may be some people who have historically entered a username with
> > > mismatched case (for example "bryandavis" instead of "BryanDavis") and
> > > relied on MediaWiki and the LdapAuthentication plugin figuring things
> > > out. This will no longer happen automatically. These users will need
> > > to update their password managers (or brains if they are not using a
> > > password manager) to supply the username with correct casing.
> > >
> > > The "wrongpassword" error message on Wikitech has been updated with a
> > > local override to help people discover this problem. See
> > > <https://phabricator.wikimedia.org/T165795> for more details.
> > >
> > > Bryan, on behalf of the Cloud Services team
> > > --
> > > Bryan Davis              Wikimedia Foundation    <[hidden email]>
> > > [[m:User:BDavis_(WMF)]] Manager, Technical Engagement    Boise, ID USA
> > > irc: bd808                                        v:415.839.6885 x6855
> > >
> > > _______________________________________________
> > > Wikitech-l mailing list
> > > [hidden email]
> > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> > _______________________________________________
> > Wikitech-l mailing list
> > [hidden email]
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Change to Wikitech logins: Username now case-sensitive

Andrew Bogott
In reply to this post by Andrew Otto
On 4/16/19 7:59 AM, Andrew Otto wrote:
> Great!  Is this just for Wikitech itself or all ldap/wikitech
> authentication?

This notice is related to a change in mediawiki code, so concerns direct
logins to wikitech itself.  That said, the 2fa key used by Horizon is
stored in a the wikitech database, so it's vaguely possible that Horizon
logins could be disrupted as well.

Other services that rely on ldap for account creation (e.g. gerrit,
icinga, etc.) are unaffected, although they may have unrelated
case-(in)sensitive issues of their own.


>
> On Mon, Apr 15, 2019 at 7:56 PM Bryan Davis <[hidden email]> wrote:
>
>> A change was deployed to the Wikitech config 2019-04-15T23:16 UTC
>> which prevents users from logging into the wiki with a username that
>> differs in case from the 'cn' value for their developer account.
>>
>> This change is not expected to cause problems for most users, but
>> there may be some people who have historically entered a username with
>> mismatched case (for example "bryandavis" instead of "BryanDavis") and
>> relied on MediaWiki and the LdapAuthentication plugin figuring things
>> out. This will no longer happen automatically. These users will need
>> to update their password managers (or brains if they are not using a
>> password manager) to supply the username with correct casing.
>>
>> The "wrongpassword" error message on Wikitech has been updated with a
>> local override to help people discover this problem. See
>> <https://phabricator.wikimedia.org/T165795> for more details.
>>
>> Bryan, on behalf of the Cloud Services team
>> --
>> Bryan Davis              Wikimedia Foundation    <[hidden email]>
>> [[m:User:BDavis_(WMF)]] Manager, Technical Engagement    Boise, ID USA
>> irc: bd808                                        v:415.839.6885 x6855
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> [hidden email]
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l



_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l