On 4/16/19 7:59 AM, Andrew Otto wrote:
Great! Is this just for Wikitech itself or all
ldap/wikitech
authentication?
This notice is related to a change in mediawiki code, so concerns direct
logins to wikitech itself. That said, the 2fa key used by Horizon is
stored in a the wikitech database, so it's vaguely possible that Horizon
logins could be disrupted as well.
Other services that rely on ldap for account creation (e.g. gerrit,
icinga, etc.) are unaffected, although they may have unrelated
case-(in)sensitive issues of their own.
On Mon, Apr 15, 2019 at 7:56 PM Bryan Davis <bd808(a)wikimedia.org> wrote:
A change was deployed to the Wikitech config
2019-04-15T23:16 UTC
which prevents users from logging into the wiki with a username that
differs in case from the 'cn' value for their developer account.
This change is not expected to cause problems for most users, but
there may be some people who have historically entered a username with
mismatched case (for example "bryandavis" instead of "BryanDavis")
and
relied on MediaWiki and the LdapAuthentication plugin figuring things
out. This will no longer happen automatically. These users will need
to update their password managers (or brains if they are not using a
password manager) to supply the username with correct casing.
The "wrongpassword" error message on Wikitech has been updated with a
local override to help people discover this problem. See
<https://phabricator.wikimedia.org/T165795> for more details.
Bryan, on behalf of the Cloud Services team
--
Bryan Davis Wikimedia Foundation <bd808(a)wikimedia.org>
[[m:User:BDavis_(WMF)]] Manager, Technical Engagement Boise, ID USA
irc: bd808 v:415.839.6885 x6855
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l