dealing with usernames containing whitespace

simo idra at samba.org
Tue Jan 30 21:42:05 GMT 2007


On Tue, 2007-01-30 at 15:37 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Simo,
> 
> > I think we need something to "fix" the problem, but I am 
> > not sure why you need something configurable, wouldn't
> > it be less  prone to misuse
> 
> How is this option prone to misuse?  Using ambigous
> characters such as '\' ? :-)  I'll agree with that.

Exactly :-)

> > to have a parameter named something like:
> >  winbind normalize names = yes/no
> > 
> > This parameter always lower cases names and 
> > substitutes  spaces with underscores* ?
> 
> I considered that and started to reply that I think
> the flexibility is warranted given that valid characters in
> an account name is site policy.  But then thinking about
> characters we would have to black list, I'm ok with
> hardcoding an '_' character to replace spaces (at least
> at first).

We can always change it later if we find out we absolutely need to
provide a way to use other substitution characters.

> > I like flexibility, but I don't like that much 
> > the winbind separator thing for example, where some
> > users use \ others + and others even more
> > strange ones, it gives us for more confusion than 
> > flexibility IMO.
> 
> No one has ever loudly complained about that.  But
> I agree people should just learn to deal with the '\'
> character as the separator.  I don't really see this
> as a source of confusion though.  Just my opinion.

What I am honestly scared of is scripts that pass the user name around
without escaping. It is the same thing class of problems as with the
space, at some point you have that AD\Myuser becomes ADMyuser, the
backslash is lost and the names do not match anymore ... :-(

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list