Closed
Bug 576490
Opened 14 years ago
Closed 10 years ago
Notify user when Kerberos failed that usernames (principial) are case-sensitive
Categories
(Thunderbird :: Account Manager, enhancement)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: shopik, Unassigned)
Attachments (1 file)
(deleted), patch, BenB: review-
Currently the error message looks like this: "Please check that you are logged in to the Kerberos/GSSAPI realm."
I suggest adding a note that usernames are case-sensitive.
Please check that you are logged in to the Kerberos/GSSAPI realm. User name are case-sensitive.
Updated•14 years ago
No longer depends on: 525238
Summary: Notify user when Kerberos failed what username(principial) are case-sensetive → Notify user when Kerberos failed that usernames (principial) are case-sensitive
Reporter
Comment 1•14 years ago
Wayne, Ludo,
Any thoughts on how this should be reworded, if needed? If it sounds fine, I'll attach a patch to change the string.
Comment 2•14 years ago
Looks fine by me. Proceed with the patch.
Reporter
Comment 3•14 years ago
Not sure who should do the string review.
Attachment #459777 -
Flags: review?
Reporter
Updated•14 years ago
Status: NEW → ASSIGNED
Comment 4•14 years ago
I don't think this is necessary. Usernames are generally always case-sensitive. The login happens at the OS level, and the login UI of the OS is responsible for telling users such details.
More importantly, the username case is a setup problem. However, this UI regularly comes up during everyday use when the user's ticket expired or he has not yet logged in (via the OS). In other words, this msg is the equivalent of "please enter your password", in an app that can't store passwords.
It's inappropriate to clutter this frequent message with notes about potential setup problems that we don't even know are the problem here at all.
So, I don't think this message should be changed.
Do we use the username at all? We have a field, but I'm not sure its content actually makes a difference. If so, wouldn't it be better to add the note where you enter the username?
Updated•14 years ago
Attachment #459777 -
Flags: review-
Comment 5•14 years ago
> he has not yet logged in (via the OS).
Oops, I might be confused about this.
Reporter
Comment 6•14 years ago
(In reply to comment #4)
> I don't think this is necessary. Usernames are generally always case-sensitive.
> The login happens at the OS level, and the login UI of the OS is responsible
> for telling users such details.
MS Windows allows case-insensitive user names to log in.
> Do we use the username at all? We have a field, but I'm not sure its content
> actually makes a difference.
I've usually set up the username via the environment variable %USERNAME% in Windows. It does make a difference: for example, I may enter username@REALM.TLD, and it will send a request for that principal. I think it is supposed to work with cross-realm setups, but I have not tried it.
> If so, wouldn't it be better to add the note where you enter the username?
Yeah, I do agree this may be a better place to advertise potential problems.
Comment 7•14 years ago
Can you please describe when there is an actual problem? Does the username field in Thunderbird (and its case) make any difference?
Reporter
Comment 8•14 years ago
Changing the case of the username makes login fail.
nshopik - working
Nshopik - fail
nshopik@REALM.TLD - working
nshopik@relam.tld - fail (which is fine, realm is always upper-case)
The error message looks kinda strange: "The Kerberos/GSSAPI ticket was not accepted by the IMAP server Nshopik@realm.tld." Here Nshopik@realm.tld is the account name, not the hostname of the IMAP server.
Comment 9•14 years ago
> Changing the case of the username makes login fail.
In Thunderbird username field, I assume.
Which Kerberos lib is that?
> Nshopik@realm.tld is the account name, not the hostname of the IMAP server.
Ah, I guess we could add "for" in the (English) msg, i.e.:
"The Kerberos/GSSAPI ticket was not accepted by the IMAP server for nshopik@REALM.TLD. ..."
BTW: To change strings, we need to change the string ID (and therefore the code) as well, otherwise other locales will not pick up the change.
Reporter
Comment 10•14 years ago
(In reply to comment #9)
> > Changing the case of the username makes login fail.
>
> In Thunderbird username field, I assume.
> Which Kerberos lib is that?
I tried MIT on Windows 7 and a domain-joined Windows 2003 client. I think the problem lies in Windows itself.
The MIT lib will try to get a TGT for the default identity, and if the username in Thunderbird doesn't match the default identity, it will fail.
In the vanilla Windows Kerberos lib, the TGT is always given to the lower-case username if it was created as lower case, and if the username was created as UPPERCASE it will always be uppercase, regardless of the username entered at the OS login screen.
Reporter
Comment 11•14 years ago
Did an additional test on a Linux machine with MIT installed. Tried different case for the OS login, and the TGT is issued correctly according to the OS login case.
What the Windows machine is doing during OS login is setting the canonicalize flag for the AS-REQ, and thus getting a different username in the AS-REP.
Comment 12•14 years ago
Nikolay, you're saying it works on Linux with MIT Kerberos libs regardless of case of username? But not in Windows?
Reporter
Comment 13•14 years ago
Ben, if I log in to Linux with username _NSHOPIK_ and Thunderbird has the same username, it will work correctly, but entering _nshopik_ in Thunderbird makes login fail.
If I log in to Windows with username _NSHOPIK_ and Thunderbird has the same username, it will fail to log in, because the TGT is for username _nshopik_.
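An added example, not part of the bug thread or of Thunderbird's code: a check of the kind the comments above describe, comparing the username entered in the mail client with the default principal in the Kerberos ticket cache and reporting when the two differ only by case. The `klist` output is a constructed sample using the principal from the thread, and treating a bare username as belonging to the cache's realm is an assumption.

```python
import re

# Constructed sample of MIT `klist` output; the principal is the one used in the thread.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: nshopik@REALM.TLD

Valid starting     Expires            Service principal
07/02/10 09:00:00  07/02/10 19:00:00  krbtgt/REALM.TLD@REALM.TLD
"""

def default_principal(klist_text):
    """Return the cache's default principal, or None if the line is absent."""
    m = re.search(r"^Default principal:\s*(\S+)\s*$", klist_text, re.MULTILINE)
    return m.group(1) if m else None

def split_principal(text):
    """Split name and realm at the last '@' not escaped by a backslash."""
    for i in range(len(text) - 1, -1, -1):
        if text[i] == "@":
            backslashes = len(text[:i]) - len(text[:i].rstrip("\\"))
            if backslashes % 2 == 0:
                return text[:i], text[i + 1:]
    return text, ""

def diagnose(configured, cached):
    """Classify how the configured username differs from the ticket's principal."""
    c_name, c_realm = split_principal(configured)
    t_name, t_realm = split_principal(cached)
    c_realm = c_realm or t_realm  # assumption: a bare username means the cache's realm
    if (c_name, c_realm) == (t_name, t_realm):
        return "match"
    if c_name.lower() != t_name.lower() or c_realm.lower() != t_realm.lower():
        return "different-principal"
    if c_realm == t_realm:
        return "username-case"
    if c_name == t_name:
        return "realm-case"
    return "username-and-realm-case"

if __name__ == "__main__":
    ticket = default_principal(SAMPLE_KLIST)
    for entered in ("nshopik", "Nshopik", "nshopik@REALM.TLD", "nshopik@realm.tld"):
        print(f"{entered:20} -> {diagnose(entered, ticket)}")
```

A client could attach a case-sensitivity hint to the login failure only when the result is one of the three case-only classes, which keeps the everyday "ticket expired" message uncluttered.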
Comment 14•14 years ago
Comment on attachment 459777
update error message
I'm not sure what happened with the review flags here, but clearing empty request flag as it won't get looked at. Please re-request if necessary.
Attachment #459777 -
Flags: review?
Reporter
Comment 15•14 years ago
After discussions with Ben, the decision was made not to update the error message but to find a better place to notify the user about that.
Reporter
Updated•13 years ago
Status: ASSIGNED → NEW
Comment 16•10 years ago
(In reply to Nikolay Shopik from comment #15)
> After discussions with Ben, the decision was made not to update the error message but
> to find a better place to notify the user about that.
Have you identified such a place?
Flags: needinfo?(shopik)
Comment 17•10 years ago
It would help to have an actual reproduction, including all steps in Windows and in Thunderbird, from the setup to when the problem appears, every click. Then show in which step the user made a mistake and what would have been the correct entry.
Reporter
Comment 18•10 years ago
What steps exactly are you looking for? It's as simple as the title says: if you are using GSSAPI, your username is case-sensitive, that's it.
Flags: needinfo?(shopik)
Updated•10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INCOMPLETE
Comment 19•10 years ago
All clicks and keyboard entries that you need to do, from a fresh (newly installed) Windows, to seeing the bug.
Reporter
Comment 20•10 years ago
(In reply to Ben Bucksch (:BenB) from comment #19)
> All clicks and keyboard entries that you need to do, from a fresh (newly
> installed) Windows, to seeing the bug.
There is just one step, as simple as entering "Shopik" instead of "shopik" in the username field, and it fails with a generic message, which I suggest improving to give the user a clue that usernames are case-sensitive.
Status: RESOLVED → REOPENED
Resolution: INCOMPLETE → ---
Comment 21•10 years ago
I have no idea what you're talking about. Not even where that "username field" is that you're talking about. And you definitely need to enter a password *somewhere*, probably not in Thunderbird, but somewhere else.
I have no idea what is in your head unless you spell it out, *all* of it. I need to understand the context.
From a fresh Windows with fresh Thunderbird, there are many more steps to set up Kerberos on that machine, and setting up Thunderbird with Kerberos. I need every single step described.
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → INCOMPLETE