Date:  Fri, 23 May 2008 03:18:56 +0200
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:13053] Re: Error creating new site
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200805230318.57562.bq (at mark) solarspeed.net>
In-Reply-To:  <4835FB3C.1070800 (at mark) theanchoragesylvania.com>
References:  <200802061632520859.01400266 (at mark) mail.loosle.com> <200805222307.51965.bq (at mark) solarspeed.net> <4835FB3C.1070800 (at mark) theanchoragesylvania.com>
X-Mail-Count: 13053

Hi Greg,

> Yep - Gotcha about the aliases etc.... but why can't we make the
> usernames be their full email address to login to get their mail and FTP
> to the site etc etc... I've seen this done on other platforms.... This
> approach would guarantee that we will never have a problem with a
> username already "taken", since they will always be unique in each
> vsite....

I can see why other platforms may use this approach and it's a design 
decision that should be made very early on before the coding starts. To 
change it later on can be quite a nightmare. :o)

Well, yeah: Technically that's possible on BlueQuartz, but it would require a 
somewhat drastic architectural change of Sausalito and CCE. I think that 
would be a very bumpy ride for very little gain, as you can still work around 
the username restrictions by setting email aliases.

Sausalito and CCE (the backend of the BlueQuartz GUI) were designed by pretty 
security-minded people. From the point where you log in to the GUI up to the 
point where you log out (or your session expires), your access rights are 
under continuous scrutiny.

For starters: You can only log in to the GUI if the username exists on the 
underlying system and the login credentials can be verified with the PAM 
mechanism. Your Linux privileges are (to a small degree) taken into account 
and further BlueQuartz specific privileges (siteAdmin, dnsAdmin, etc, etc) 
are checked and granted - if that user has them. 

So as it stands right now for logins into the GUI you'll have to use real 
Linux usernames, because they're passed down to PAM for checking if the user 
exists. If we'd allow email addresses as usernames (or email addresses 
instead of usernames), then we'd have to implement a mechanism 
that "translates" the email address into the real Linux username at every 
step along the road.  

Likewise, as authentication and privileges are re-checked on accessing 
literally every GUI page, this would possibly also require changes in many 
GUI pages, CCE itself and a few Schemas and Handlers. That's a ton of work 
for just a small gain. :o/

P.S.: If the email address is used as login ID: What happens when you rename a 
domain? In that case the login ID of each user also has to change, because 
the domain name in their login ID is now. That's nasty. :o) 

-- 
With best regards,

Michael Stauber