Bug 2197 - Should the client send username unmodified or lowercased?
Summary: Should the client send username unmodified or lowercased?
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Server (show other bugs)
Version: trunk
Hardware: PC Linux
: P2 Normal
Target Milestone: 4.0.0
Assignee: Aaron Sowry
URL:
Keywords: hean01_tester
Depends on:
Blocks:
 
Reported: 2006-10-06 14:31 CEST by Erik Forsberg
Modified: 2012-11-28 11:29 CET (History)
0 users

See Also:
Acceptance Criteria:


Attachments

Comment 2 Pierre Ossman cendio 2008-04-03 08:53:41 CEST
A few other arguments to stop fiddling with the username on the client side:

- You lose information that you might not be able to get back. If the users are well aware of the case sensitivity, and enter their user name correctly, then ThinLinc is currently unable to get that user name as the client never sends it.

- The same user name transformation the client does needs to be implemented in bug 2715 as well, making it more difficult to turn off the transformation the day we decide we want to do so.

I strongly believe that having this in tlclient is solving the problem at the wrong place. If the administrator uses an authentication system that doesn't match his requirements, then a workaround should be placed as close to that authentication system as possible (e.g. a transforming proxy or some special nss module).
Comment 3 Pierre Ossman cendio 2008-04-07 09:06:53 CEST
Another argument against lower casing at the client is the whole mess with locales.

There is no one true way of mapping upper and lower case letters. For example, the Turkish "I" is not the upper case version of the Turkish "i". This means that you cannot lower case a string without knowing if the "I" is English or Turkish.

To solve this, all systems involved need to agree on the locale used. ThinLinc uses the locale it gets from the environment, but there is no handshake to synchronise that with the authentication server.

To make things worse, many authentication systems have not properly specified how case is handled. For LDAP it was originally implementation defined. Since RFC 3454, there is a locale independent mapping table.

It is unknown which mappings popular systems like OpenLDAP, eDirectory and Active Directory use, or if they are dependent on system settings.


The practical result of this mess is that "Åsa" can only login provided that either both ThinLinc and the authentication system agree that "Å" does not have a lower case, or that the authentication system is aware of the "Å"-"å" mapping (making any changes on the client irrelevant). Formally, the client's mapping table must be a subset of the authentication system's.
Comment 4 Peter Åstrand cendio 2008-04-07 11:18:15 CEST
The server side issue is handled on bug 2753. 
Comment 5 Peter Åstrand cendio 2008-05-22 15:04:25 CEST
For 2.1.0, we will not change the current client behaviour of doing lowercase. Long-term, we might want to change this, but in that case, we need to start with investigating which NSS/PAM modules that are case sensitive, and perhaps fix those that are. 

We should also fill in any customer feedback wrt this issue on this bug. 
Comment 11 Peter Åstrand cendio 2012-07-31 10:28:13 CEST
I believe that this should be configurable, and the default should be not to change the case. Configurable only by configuration file / registry; not in the GUI.
Comment 13 Aaron Sowry cendio 2012-08-01 10:50:19 CEST
Configuration option added in r25554.
Comment 14 Aaron Sowry cendio 2012-08-01 11:20:31 CEST
Documentation added in r25556. This should complete the bug - tester should test actual functionality, and also make sure we alert customers of this change via relevant channels (mailing list, release notes etc).
Comment 15 Henrik Andersson cendio 2012-10-17 15:47:33 CEST
auth.xml - refers to case insensitive username as a limitation of ThinLinc client.
Comment 16 Aaron Sowry cendio 2012-10-18 11:42:23 CEST
(In reply to comment #15)
> auth.xml - refers to case insensitive username as a limitation of ThinLinc
> client.

Fixed in r26035.
Comment 17 Henrik Andersson cendio 2012-10-19 10:14:49 CEST
Reviewed the commits and it do look fine, verified with client build 3680 that toggle of the bit LOWERCASE_LOGIN_NAME works as expected and docs do now look ok.

Note You need to log in before you can comment on or make changes to this bug.