hello, some users' login fails since they type upper case for their user ids ,etc ... how can case sensitivity be disabled so they can login with mix of upper and lower case? this is what i tried: in /etc/sssd/sssd.conf i tested this below [domain/default] case_sensitive = false i stopped sssd, deleted all inside /var/sss/db and started sssd but that did not help .... thank you, F-
FHDATA wrote:> some users' login fails since they type upper > case for their user ids ,etc ...Wouldn't it be better to explain to the users that the userid is case sensitive? You probably don't want a system where Fhdata, FHData and FHDATA are all possible and are different users. -- Yves Bellefeuille <yan at storm.ca>
On 09/05/2017 06:01 PM, Yves Bellefeuille wrote:> FHDATA wrote: > >> some users' login fails since they type upper >> case for their user ids ,etc ... > Wouldn't it be better to explain to the users that the userid is case > sensitive? You probably don't want a system where Fhdata, FHData and > FHDATA are all possible and are different users. >Normally, it's a failure to respond to a technical question by instead telling someone how to administer their system(s) or recommending different software. But in this instance I have to agree with Yves. For even if you, fhdata, were to successfully change system handling of userid for sssd, you would then have to allow the same sort of policy for other services such as email and news. Userids could be used also in databases which could be then corrupted. Problems could be introduced also into the various logs. If, as is likely the case, you are not the only sysadmin on the system(s), you would also be creating problems for the other sysadmins, now and into the future. I think it would also be a disservice to users, for case-insensitive userids is not what they'll find on web sites and web services throughout the rest of the world, even on their own phones. So I'd agree, in this instance you should stay with the standard and explain to users that there ids are case sensitive.
On 5 September 2017 at 17:27, FHDATA <fhdata at unm.edu> wrote:> > > hello, > > some users' login fails since they type upper > case for their user ids ,etc ... > > how can case sensitivity be disabled so they can login > with mix of upper and lower case? > > this is what i tried: > > in /etc/sssd/sssd.conf i tested this below > > [domain/default] > case_sensitive = false > > > i stopped sssd, deleted all inside /var/sss/db and > started sssd but that did not help .... >case sensitivity for user accounts is considered implementation dependent from the early days of Unix. However most Unixes from the late 1970's onward incorporated that user accounts were case sensitive in login. The later POSIX standards to try and formalize various divergences, kept it as being 'site dependent'. This was always problematic because DNS hostnames and email addresses in the RFC standards were case insensitive so that you could have accounts like abc, Abc, and ABC but only one of them would get email. LDAP sort of cuts a path between POSIX and RFC where depending on the LDAP servers configuration, it is either case sensitive or case insensitive. The client has little control over this because sending something the AD or LDAP server will not parse will give an error. The second issue is that login checks against what getent the account name is which is before LDAP gives an answer. Long long ago, you could look at using pam_regex to make sure that all accounts were seen as lower case so that when passed to LDAP they matched. However I haven't looked at that in close to 2 decades so I have no idea if it is still valid. -- Stephen J Smoogen.
On 09/07/2017 08:11 AM, Stephen John Smoogen wrote:> This was always > problematic because DNS hostnames and email addresses in the RFC > standards were case insensitiveNot quite.? SMTP is required to treat the "local-part" of the RCPT argument as case-sensitive, and to preserve case when relaying mail.? The destination is allowed to treat addresses according to local policy, but in general SMTP is case sensitive with regard to the user identifier.