[openstack-dev] [keystone] Case sensitivity & backend databases

Dolph Mathews dolph.mathews at gmail.com
Thu Sep 26 16:23:53 UTC 2013


On Thu, Sep 26, 2013 at 11:02 AM, Brant Knudson <blk at acm.org> wrote:

>
> On Thu, Sep 26, 2013 at 4:44 AM, Ralf Haferkamp <rhafer at suse.de> wrote:
>
>>
>> As Dolph already suggested we should not allow usernames that just differ in
>> capitalization ("JDoe" vs. "jdoe") to co-exist. (Which could be an argument
>> for handling users case-insensitive in general)
>>
>
> This enforcement should be handled by the LDAP server if the organization
> thinks it's important to have users with names unique without respect for
> capitalization. LDAP servers can also enforce normal security enhancers
> like password strength, expiration, and locking out users after invalid
> logins that the SQL backend doesn't support.
>
> My recommendation is that Keystone should get away from dealing with
> creating/updating users to avoid reinventing the wheel (and making a wheel
> that's missing bells and whistles). If comparing user names is a problem,
> let's limit it to our custom SQL backend and not let it spread to other
> more featureful backends.
>

++; this confusion specifically stems from keystone's implementation
against SQL, where keystone manages users directly.


>
>
> - Brant


-- 

-Dolph