Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When using basic authentication, automatically strip any @domain information #2732

Closed
ycaoxa opened this issue Jun 13, 2019 · 2 comments
Closed
Labels
bug Undesired behaviour enhancement General tag for an enhancement resolved A fixed issue
Milestone

Comments

@ycaoxa
Copy link

ycaoxa commented Jun 13, 2019

user1 ,user1@Domain considered as the same user in most of authentication system . For now in Cacti, they are treated as two different users if want to login using them.

Suggest add fix in auth_login.php:
$dompos = strpos($username, "@");
if ($dompos != 0)
{ $username = substr($username,0,$dompos);
}

@netniV
Copy link
Member

netniV commented Jun 13, 2019

We specifically do not do this because of LDAP integration. There may be many user1's at different points of a domain within a given realm, eg. user1@domain.com user1@sub.domain.com or user1@yet.another.domain.com

For that reason alone, most authentication systems that I have dealt with require more than just the name. However, cacti does allow you to use just the username if you are not using the above format (eg, the distinguished name over userprincipalname or the local user authentication)

@cigamit
Copy link
Member

cigamit commented Jun 22, 2019

In the near term, we should trim this, but I see it as an obvious way to support multiple auth domains. However, I expect that the user account is still just user1. So, some thought needs to be given to this more long team. This impacts basic auth only.

@cigamit cigamit added the enhancement General tag for an enhancement label Jun 22, 2019
@cigamit cigamit changed the title User1 and User1@domain need to be treaded as the same user Strip domain name from basic authentication when its present Jun 22, 2019
cigamit added a commit that referenced this issue Jun 22, 2019
Strip domain name from basic authentication when its present
@cigamit cigamit added bug Undesired behaviour resolved A fixed issue labels Jun 22, 2019
@cigamit cigamit added this to the v1.2.5 milestone Jun 23, 2019
@netniV netniV closed this as completed Jun 27, 2019
@netniV netniV changed the title Strip domain name from basic authentication when its present When using basic authentication, automatically strip any @domain information Jul 14, 2019
@github-actions github-actions bot locked and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour enhancement General tag for an enhancement resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

3 participants