Ticket #522 (closed task: fixed)

Opened 14 years ago

Last modified 14 years ago

[S] Resolve whether MyProxy can correctly handle usernames containing '.' ?

Reported by: pjkersha Owned by: pjkersha
Priority: required Milestone: PreBeta
Component: security Version:
Keywords: MyProxy, security Cc: Venkatasiva KONDAPALLI [vpk@…

Description

Tests show that credentials tied to a username containing a '.' character can be stored and that proxy delegation commands can be carried out. However, it does not work with the admin command myproxy-admin-query.

myproxy-admin-query is run from the host where MyProxy is stored. It can be used to check what credentials are stored and also to remove credentials. When a query command is run on a username containing a '.' character, it returns with "No credentials found." even though a credential with that username is stored in the repository.

This problem may not be an issue for NDG MyProxy web services as they probably do not need to use the myproxy-admin-query command explicitly.

  • Send a query to the MyProxy mailing list explaining the problem

This issue affects the BODC as they use an e-mail address as the username for online login to resources. This would be expected to be the same as the MyProxy login name.

If it is a problem the following workaround could be used for login:

  1. User submits e-mail address style username and password in an online login form
  2. BODC user database contains an additional field of MyProxy username in a table
  3. Server side code queries the database for a matching MyProxy username to the e-mail address submitted at login
  4. The MyProxy username is sent to the MyProxy WS for proxy delegation.
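A sketch of the four-step workaround above, added here as an illustration and not code from the ticket or from NDG/BODC. The table and column names, the SQLite backend, the rule that the stored MyProxy username contains no '.', and the `delegate` callable standing in for the MyProxy WS call are all assumptions.

```python
import sqlite3

# Hypothetical schema: the ticket only says the user database gains a
# "MyProxy username" field. The CHECK keeps '.' out of that field so the
# stored name stays usable with myproxy-admin-query (assumed intent).
SCHEMA = """
CREATE TABLE users (
    email            TEXT PRIMARY KEY COLLATE NOCASE,
    myproxy_username TEXT NOT NULL UNIQUE
        CHECK (myproxy_username <> '' AND instr(myproxy_username, '.') = 0)
);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def register(db, email, myproxy_username):
    """Step 2: store the e-mail address alongside its MyProxy username."""
    with db:  # commit on success, roll back if a constraint fails
        db.execute("INSERT INTO users VALUES (?, ?)",
                   (email.strip(), myproxy_username))

def myproxy_username_for(db, email):
    """Step 3: map the submitted e-mail address to the MyProxy username.

    The query is parameterised, so the form input is never spliced into SQL.
    """
    row = db.execute("SELECT myproxy_username FROM users WHERE email = ?",
                     (email.strip(),)).fetchone()
    return row[0] if row else None

def login(db, email, password, delegate):
    """Steps 1-4: `delegate(username, password)` is a stand-in for the
    request to the MyProxy WS; it receives the mapped name, not the e-mail."""
    username = myproxy_username_for(db, email)
    if username is None:
        return None  # same outcome as a failed delegation: no account hint
    return delegate(username, password)

if __name__ == "__main__":
    db = open_db()
    register(db, "jane.doe@example.org", "jdoe")  # constructed sample user
    print(login(db, "Jane.Doe@example.org", "secret",
                lambda u, p: "delegating proxy for " + u))
```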

Change History

comment:1 Changed 14 years ago by pjkersha

  • Status changed from new to closed
  • Cc Venkatasiva KONDAPALLI [vpk@… added
  • Resolution set to fixed

Response from Jim Basney on MyProxy mailing list indicates that we are OK to use '.' in usernames provided we are not reliant on myproxy-admin-query for any of the NDG security core functionality.

This should be OK as myproxy-admin-query is not very useful to security WSs as it only runs from the host where MyProxy is installed.

See MyProxy Bugzilla:  http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=280
