A change was deployed to the Wikitech config 2019-04-15T23:16 UTC which prevents users from logging into the wiki with a username that differs in case from the 'cn' value for their developer account.
This change is not expected to cause problems for most users, but there may be some people who have historically entered a username with mismatched case (for example "bryandavis" instead of "BryanDavis") and relied on MediaWiki and the LdapAuthentication plugin figuring things out. This will no longer happen automatically. These users will need to update their password managers (or brains if they are not using a password manager) to supply the username with correct casing.
The "wrongpassword" error message on Wikitech has been updated with a local override to help people discover this problem. See https://phabricator.wikimedia.org/T165795 for more details.
Bryan, on behalf of the Cloud Services team
Great! Is this just for Wikitech itself or all ldap/wikitech authentication?
On Mon, Apr 15, 2019 at 7:56 PM Bryan Davis bd808@wikimedia.org wrote:
Bryan Davis Wikimedia Foundation bd808@wikimedia.org [[m:User:BDavis_(WMF)]] Manager, Technical Engagement Boise, ID USA irc: bd808 v:415.839.6885 x6855
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Hello,
What was the reason for this change? What does it improve or fix?
On Tue, Apr 16, 2019 at 3:00 PM Andrew Otto otto@wikimedia.org wrote:
Great! Is this just for Wikitech itself or all ldap/wikitech authentication?
NVM, I just figured out that MW and Gerrit were creating duplicated accounts due to this
On Tue, Apr 16, 2019 at 3:16 PM Petr Bena benapetr@gmail.com wrote:
Hello,
What was the reason for this change? What does it improve or fix?
On 4/16/19 7:59 AM, Andrew Otto wrote:
Great! Is this just for Wikitech itself or all ldap/wikitech authentication?
This notice is related to a change in mediawiki code, so concerns direct logins to wikitech itself. That said, the 2fa key used by Horizon is stored in the wikitech database, so it's vaguely possible that Horizon logins could be disrupted as well.
Other services that rely on ldap for account creation (e.g. gerrit, icinga, etc.) are unaffected, although they may have unrelated case-(in)sensitive issues of their own.
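The case mismatch discussed in this thread, as an added example that is not part of the original messages and is not MediaWiki, LdapAuthentication or Gerrit code: a simplified model of a login that accepts any casing the directory matches, the exact-match check beside it, and an audit for existing accounts that differ only in case. It assumes the directory compares `cn` without regard to case (LDAP's standard matching rule for `cn`) and that the application keys its local account on the string the user typed; all names and sample data are constructed, and password verification is left out.

```python
# Constructed sample directory; every name and function here is hypothetical.
DIRECTORY_CNS = ["BryanDavis", "ExampleUser"]


def ldap_lookup(typed):
    """Model a directory search on cn: the comparison ignores case."""
    for cn in DIRECTORY_CNS:
        if cn.casefold() == typed.casefold():
            return cn  # the canonical casing stored in the directory
    return None


def lenient_login(typed, local_accounts):
    """'Before' behaviour: any casing the directory matches is accepted,
    and the local account is keyed on whatever the user typed."""
    cn = ldap_lookup(typed)
    if cn is None:
        return "wrongpassword"
    local_accounts.setdefault(typed, {"cn": cn})
    return "ok"


def strict_login(typed, local_accounts):
    """'After' behaviour: the typed name must equal the directory cn
    byte for byte, so only one local account can exist per cn."""
    cn = ldap_lookup(typed)
    if cn is None or cn != typed:
        return "wrongpassword"
    local_accounts.setdefault(cn, {"cn": cn})
    return "ok"


def case_collisions(account_names):
    """Audit helper: group existing account names that differ only in case."""
    groups = {}
    for name in account_names:
        groups.setdefault(name.casefold(), []).append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


if __name__ == "__main__":
    accounts = {}
    for attempt in ("BryanDavis", "bryandavis"):
        print(attempt, lenient_login(attempt, accounts))
    print("collisions:", case_collisions(accounts))
```

Running `case_collisions` over an export of existing local account names shows which accounts would need merging once the strict check is in place.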