Email addresses as usernames?

Due to the realms being defined with @realm, is it possible to use an email
address for the username?

Secondly, is it possible to have BOTH an email address with a realm?

So for example, I’d like to roll out 2FA to email users. I envision
multiple possible realms: @webmail, @controlpanel, @imap, @pop, @smtp - a
username could be havo...@gmail.com@imap. How would that work?

I’m just about to roll out privacyIDEA to VPN users (not email addresses)
via Radius, and I really like it. Just wondering how I could apply it if
my usernames are full email addresses…

Thanks,
Rick
Awesome. I don’t need it yet, so don’t worry about spending any more time
on it. If 1.51 isn’t released, I’ll take a look at the build process
before asking you.
I don’t need any templates changed, I just made a title change to see if it
would take - I really didn’t spend any time on it.

I still have to figure out the best way to integrate it into my site before
the ‘@’ even comes into play.

Thanks for your time!
Rick

On Monday, January 12, 2015 at 2:06:04 PM UTC-6, Cornelius Kölbel wrote:

Hi Rick,

the @-sign can not be changed at the moment.

At the moment I am migrating privacyidea to another backend framework and
another Web UI. So there is room for improvements and input.
But it will still take a few months for productive use. I plan to release the
draft of 2.0, which can be looked at to get an impression…

I just committed a patch (easy) that will allow to login like this to the
master branch

Only use the last @sign to split the realm · privacyidea/privacyidea@e2067e9 · GitHub

If you are ready I can pack a version 1.5.1.

Which templates do you need to change?
The templates do not have much python. They are in fact html with the mako
templating language.

Kind regards
Cornelius

On 12.01.2015 at 19:58, Rick Romero wrote:

Ok - For the email address usernames, I haven’t even installed it yet.
That’s a whole other network from what I’ve already deployed.

I’ve already thought about maybe switching up the @ for % prior to sending
auth request to privacyidea. The backend SQL does have to combine uid and
domain anyways, but before I started I was just wondering what approach I
should start with. The only problem with using % is using privacyidea’s
self-service, users won’t expect to use a % instead of @. But even so,
I’m not sure I want to have users auth a 2nd time from the control panel,
and I might just manage it all via HTTP requests…

Can the realm delimiter be something other than @?

Still a lot to consider on this end… I’m not a python guy, I tried
modifying a template and it didn’t take, so any customizations to
privacyIDEA would also be an uphill climb.

Thanks!
Rick

On Friday, January 9, 2015 at 4:49:51 PM UTC-6, Cornelius Kölbel wrote:

Hello Rick,

I always thought that it should work.
But I just realized, that there is a minor bug in the code, which does
split
havo...@gmail.com@imap
into havokmon, gmail.com, imap and not
havo...@gmail.com, imap

Hm. Bad.

On which system are you running privacyidea?
I might release a patch…

Anyway, you could decide to not use the @ sign for realm splitting (if
this is an option for you)

Kind regards
Cornelius

On 09.01.2015 at 23:09, Rick Romero wrote:

Due to the realms being defined with @realm, is it possible to use an
email address for the username?

Secondly, is it possible to have BOTH an email address with a realm?

So for example, I’d like to roll out 2FA to email users. I envision
multiple possible realms: @webmail, @controlpanel, @imap, @pop, @smtp - a
username could be havo...@gmail.com@imap. How would that work?

I’m just about to roll out privacyIDEA to VPN users (not email addresses)
via Radius, and I really like it. Just wondering how I could apply it if
my usernames are full email addresses…

Thanks,
Rick

Cornelius Kölbel
corneliu…@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel

Ok - For the email address usernames, I haven’t even installed it yet.
That’s a whole other network from what I’ve already deployed.

I’ve already thought about maybe switching up the @ for % prior to sending
auth request to privacyidea. The backend SQL does have to combine uid and
domain anyways, but before I started I was just wondering what approach I
should start with. The only problem with using % is using privacyidea’s
self-service, user’s won’t expect to use a % instead of @. But even so,
I’m not sure I want to have users auth a 2nd time from the control panel,
and I might just manage it all via HTTP requests…

Can the realm delimited be something other than @?

Still a lot to consider on this end… I’m not a python guy, I tried
modifying a template and it didn’t take, so any customizations to
privacyIDEA would also be an uphill climb.

Thanks!
Rick
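
The split discussed in this thread, as an added example (not privacyIDEA's code and not part of any post): it contrasts splitting at every @ with splitting at the last @ only. The realm names come from the thread; the `example.com` address, the default realm and the check against a list of configured realms are assumptions.

```python
# Added example: realm names are taken from the thread; the address, the
# default realm and the known-realm check are assumptions for illustration.
KNOWN_REALMS = {"webmail", "controlpanel", "imap", "pop", "smtp"}
DEFAULT_REALM = "webmail"  # assumed default for logins that carry no realm


def split_every_at(login):
    """The behaviour reported as a bug: every '@' acts as a separator."""
    return login.split("@")


def split_user_realm(login, known_realms=KNOWN_REALMS, default_realm=DEFAULT_REALM):
    """Split on the last '@' only; accept the suffix as a realm only if it is configured."""
    user, sep, suffix = login.rpartition("@")
    if sep and user and suffix.lower() in known_realms:
        return user, suffix.lower()
    # No usable realm suffix: reject malformed input, otherwise keep the
    # whole string (which may be a full e-mail address) as the username.
    if not login or login.startswith("@") or login.endswith("@"):
        raise ValueError("malformed login name: %r" % login)
    return login, default_realm


if __name__ == "__main__":
    for sample in ("user@example.com@imap", "user@example.com", "vpnuser"):
        print(sample, "->", split_every_at(sample), "vs", split_user_realm(sample))
```

The realm decides which user store and policies apply to a login, so the front end and the authentication server have to split the name the same way. A realm named like a mail domain would make `user@domain` ambiguous, which is why the suffix is only accepted when it matches a configured realm.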
