authd
authd copied to clipboard
ubuntu
Feature: Modified usernames
Is there an existing request for this feature?
- [X] I have searched the existing issues and found none that matched mine
Describe the feature
When logging in using an Entra email ID (e.g., [email protected]), the username and home directory on the VM are the full email address (e.g., /home/[email protected]).
For orgs with only one login domain, it would be great to have the username not include the @foo.com portion. So the username in this case would be bill and the home directory would be /home/bill.
Describe the ideal solution
No response
Alternatives and current workarounds
No response
System information and logs
No response
Relevant information
No response
Double check your logs
- [X] I have redacted any sensitive information from the logs
As a note: if we are going to support such feature:
- we need to take into account as the user name is used also for local group membership
- consequently, the user name should not conflict with any other local users on the machine and some checks should be done with some integration to ensure that you can’t add a local user afterwards either if the tools don’t do a nss request first
@didrocks We are using a network-mounted shared home directory. Given the lack of uniqueness and consistency guarantees with the current authd UID implementation, I actually want to add a local user with a known UID to every machine but without the ability to login using that local user. Logins would then be mediated by authd, but when they get in, the UID would be set according to the entry in /etc/passwd.
consequently, the user name should not conflict with any other local users on the machine and some checks should be done with some integration to ensure that you can’t add a local user afterwards either if the tools don’t do a nss request first
At least useradd and adduser seem to check if the user already exists in NSS:
$ sudo adduser --allow-bad-names [email protected]
info: Allowing use of questionable username.
fatal: The user `[email protected]' already exists.
$ sudo useradd --badname [email protected]
useradd: user '[email protected]' already exists
Guys, this feature is necessary for compliance reasons also. Some companies need to hide suffixes (email part @foo.com). Also, it will save space in small terminal windows and make it easier to manually enter paths and usernames in local environments or network shares.
I will +1 on this for the same reasons as @SimbiotVenom , but add
-
The '@' character doesn't appear in the list of "portable filename" characters specified by POSIX (see https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/V1_chap03.html#tag_03_409 and https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/V1_chap03.html#tag_03_265). This isn't technically non-compliance by itself, because the standard doesn't seem to forbid the use of other characters; it just specifies the minimum acceptable set, but
-
As a result of the first point, some portable software breaks, both for the username and for the home directory name. My colleagues are running into some examples recently which mean they have to stop and find a way around it instead of just doing their job.
Being able to configure a short alias would go a long way to making many people's lives easier.
