On Mon, Sep 24, 2012 at 3:37 AM, Marius Mårnes Mathiesen <marius.mathie...@gmail.com> wrote: > Although I wasn't around at the time, I would think it either had to do with > a higher probabilty for uniqueness with a three char username or the risk of > brute force attacks on shorter usernames?
Thank you. Do you think this is still valid? In other words, would you take a patch that drops the username limit from 3 to 2? To address any brute-force concerns, maybe the password minimum character limit should be increased. On Mon, Sep 24, 2012 at 5:30 AM, Peter Kjellerstedt <peter.kjellerst...@axis.com> wrote: > You might want to consider making this configurable, given that you cannot > influence what user names are already in use Gitorious has so many configuration options already, so perhaps we should just change the limit from 3 to 2 and reduce the number of code paths to test? On Mon, Sep 24, 2012 at 5:41 AM, Marius Mårnes Mathiesen <marius.mathie...@gmail.com> wrote: > Side note: we're going to have to make some changes to how usernames are > validated when using an external authentication provider (like LDAP) anyway. > We currently substitute any dots in usernames with a dash, but the problem > here is that this is a lossy process. We have seen LDAP directories which > use both dashes and dots. One thing to do could be to be more liberal when > using external authentication systems; do any of you have any thoughts on > this - eg. what kind of real-world use cases we will need in this regard? Good question. I support Gitorious for a multi-realm Active Directory environment. Currently Gitorious' Kerberos+LDAP authentication is only enabled for one of the domains, but down the road I want to open it up to support users from multiple domains. This will entail supporting Gitorious usernames with "@" signs. I've been meaning to look into what exactly is blocking "@" signs in Gitorious - I wasn't sure if the restriction is related to Rails or not. - Ken -- To post to this group, send email to gitorious@googlegroups.com To unsubscribe from this group, send email to gitorious+unsubscr...@googlegroups.com
