+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

+<HTML>

+ <HEAD>

+ <TITLE> [Mageia-sysadm] [LONG] sympa ( and web apps ) ldap authentication

+ </TITLE>

+ <LINK REL="Index" HREF="index.html" >

+ <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5BLONG%5D%20sympa%20%28%20and%20web%20apps%20%29%0A%09ldap%09authentication&In-Reply-To=%3C20101125195407.GR7479%40virgo.home.nanardon.zarb.org%3E">

+ <META NAME="robots" CONTENT="index,nofollow">

+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">

+ <LINK REL="Previous" HREF="000945.html">

+ <LINK REL="Next" HREF="000948.html">

+ </HEAD>

+ <BODY BGCOLOR="#ffffff">

+ <H1>[Mageia-sysadm] [LONG] sympa ( and web apps ) ldap authentication</H1>

+ <B>Olivier Thauvin</B>

+ <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5BLONG%5D%20sympa%20%28%20and%20web%20apps%20%29%0A%09ldap%09authentication&In-Reply-To=%3C20101125195407.GR7479%40virgo.home.nanardon.zarb.org%3E"

+ TITLE="[Mageia-sysadm] [LONG] sympa ( and web apps ) ldap authentication">nanardon at nanardon.zarb.org

+ </A><BR>

+ <I>Thu Nov 25 20:54:09 CET 2010</I>

+ <P><UL>

+ <LI>Previous message: <A HREF="000945.html">[Mageia-sysadm] [LONG] sympa ( and web apps ) ldap authentication

+</A></li>

+ <LI>Next message: <A HREF="000948.html">[Mageia-sysadm] [LONG] sympa ( and web apps ) ldap authentication

+</A></li>

+ <LI> <B>Messages sorted by:</B>

+ <a href="date.html#947">[ date ]</a>

+ <a href="thread.html#947">[ thread ]</a>

+ <a href="subject.html#947">[ subject ]</a>

+ <a href="author.html#947">[ author ]</a>

+ </LI>

+ </UL>

+ <HR>

+<!--beginarticle-->

+<PRE>* Romain d'Alverny (<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">rdalverny at gmail.com</A>) wrote:

+&gt;<i> On Thu, Nov 25, 2010 at 18:54, Michael Scherer &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">misc at zarb.org</A>&gt; wrote:

+</I>&gt;<i> &gt; Le jeudi 25 novembre 2010 &#224; 10:50 +0100, Buchan Milne a &#233;crit :

+</I>&gt;<i> &gt; My point is that we should be consistent. Ie, if we start using

+</I>&gt;<i> &gt; sometimes a username, sometimes a email ( and well, I must say &quot;one of

+</I>&gt;<i> &gt; the numerous email people have&quot;, because I am pretty sure that I am not

+</I>&gt;<i> &gt; the only one to have more than 1 email ), this will be annoying.

+</I>&gt;<i>

+</I>&gt;<i> When we set up my.mandriva.com back in 2005, using the email address

+</I>&gt;<i> instead of login to authenticate has been a big improvement: way less

+</I>&gt;<i> contacts from people saying &quot;I forgot my username&quot; or trying to

+</I>&gt;<i> re-register with an already used email address and a different login

+</I>&gt;<i> (and then failing to do so).

+</I>&gt;<i>

+</I>&gt;<i> In this case, it may be that the cognitive effort to remember an email

+</I>&gt;<i> address one already uses regularly is easier than the one to remember

+</I>&gt;<i> a username that one may use only to authenticate (actually, that was

+</I>&gt;<i> the hypothesis back at the time).

+</I>

+It is possible to include in catdap a way to receive a reminder about

+users informations from a email.

+

+But the usage of email as login in my.mdv also make my life harder since

+I never remember which one of my 5 emails was used (the same issue apply

+on other website). The worst happend when I had to change my email

+address because it had to disappear.

+

+User must be able to change their email address. Changing the login will

+probaby have side effect, so using email as login is probably a bad

+idea.

+

+&gt;<i> &gt; We cannot use email everywhere, since some services do not support it

+</I>&gt;<i> &gt; ( svn+ssh will not accept it, no @ in username IIRC, neither would the

+</I>&gt;<i> &gt; current buildsystem ). And doing translation will be source of

+</I>&gt;<i> &gt; confusion.

+</I>&gt;<i>

+</I>&gt;<i> Yes, that's a drawback, but an acceptable one I think:

+</I>&gt;<i> * only for people that will use code repositories and buildsystem; that is,

+</I>&gt;<i> * you are not forced to allow user identification against a single

+</I>&gt;<i> id; what you need is just something you know identifies the user for

+</I>&gt;<i> sure (if the email unicity and ownership are both proven, that's a

+</I>&gt;<i> pretty good hint). So you can both authenticate against email/pass and

+</I>&gt;<i> login/pass (and even have several email/login for that, if they are

+</I>&gt;<i> checked against first).

+</I>

+We can ensure unicity of login on our side because we have full control,

+but nothing prevent to a company to give same email to several people,

+or to give a previously used email address to a new employee.

+

+If the account become important (sys admin, distrib manager), we then

+cannot ensure who receive the information we send.

+

+--

+

+Olivier Thauvin

+CNRS - LATMOS

+&#9814; &#9816; &#9815; &#9813; &#9812; &#9815; &#9816; &#9814;

+-------------- next part --------------

+A non-text attachment was scrubbed...

+Name: not available

+Type: application/pgp-signature

+Size: 197 bytes

+Desc: not available

+URL: &lt;/pipermail/mageia-sysadm/attachments/20101125/7ae6acd8/attachment.asc&gt;

+</PRE>

+

+

+

+<!--endarticle-->

+ <HR>

+ <P><UL>

+ <!--threads-->

+ <LI>Previous message: <A HREF="000945.html">[Mageia-sysadm] [LONG] sympa ( and web apps ) ldap authentication

+</A></li>

+ <LI>Next message: <A HREF="000948.html">[Mageia-sysadm] [LONG] sympa ( and web apps ) ldap authentication

+</A></li>

+ <LI> <B>Messages sorted by:</B>

+ <a href="date.html#947">[ date ]</a>

+ <a href="thread.html#947">[ thread ]</a>

+ <a href="subject.html#947">[ subject ]</a>

+ <a href="author.html#947">[ author ]</a>

+ </LI>

+ </UL>

+

+<hr>

+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm

+mailing list</a><br>

+</body></html>