[X2Go-Dev] Effective username not correct in Session ID because of plus sign in user names (Windows AD / Samba4)
Joost Rohde
j.rohde at bd8.nl
Tue Mar 20 11:22:40 CET 2018
On 20-03-18 11:04, Stefan Baur wrote:
> Am 20.03.2018 um 10:56 schrieb Mihai Moldovan:
>> There are also problems with backslashes and other characters in user names.
>>
>> They originate from a new sanitization feature in X2Go Server that drops
>> characters not deemed suitable for a username.
>>
>> A plus sign might not be part of the allowed character set, which would explain
>> this behavior.
>>
>> We've had such an discussion before and I'm still not completely sure what to do
>> with it. It sounded like sanitization was a good idea at first, but seeing it
>> causes problems often (well, for AD and NIS users only most of the time), maybe
>> I should rework this and just accept any input.
>>
>>
>> Not sure if that is a smart idea, though.
> Maybe we could add a config variable X2GO_ALLOW_IN_USERNAME, so admins
> could adapt it to their needs, yet it wouldn't be our fault if they
> shoot themselves in the foot with it?
> Ship with a sane default (like we do now) and add a proper description
> in the comments, everything else is up to the admin.
>
> Kind Regards,
> Stefan Baur
Googling around a bit i think allowing justĀ '\' and '+' would suffice.
A backslash is the default winbind separator *, and a plus sign very
common to use.
I didn't see any other characters used (yet), but making it a config
variable would indeed help for these rare cases and gives admins some
flexibility.
Best,
Joost
*
https://www.safaribooksonline.com/library/view/using-samba-second/0596002564/re300.html
More information about the x2go-dev
mailing list