Page MenuHomePhabricator

aeiser (Alex Eiser)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
May 22 2018, 7:03 PM (47 w, 6 d)
Availability
Available

Recent Activity

Fri, Apr 19

remusvrm awarded Changelog a Like token.
Fri, Apr 19, 7:09 PM

Jan 25 2019

aeiser added a comment to T13231: Duo MFA Support.

Another issue here is that Duo doesn't seem to have a way to prevent new user creation. YIf you /preauth a user, they get an enroll link whether they already have an account in Duo or not, and there's no apparent way to distinguish between "this creates a new user" and "this encourages an existing user, who has already been created but has not enrolled a device yet, to enroll".

Jan 25 2019, 12:25 AM · Auth

Jan 24 2019

aeiser added a comment to T13231: Duo MFA Support.

If we want to synchronize to existing accounts, I think it's not good enough for us to pick the user's email address unless that's also the username the organization already uses -- in your case, is it?

Jan 24 2019, 10:56 PM · Auth
aeiser added a comment to T13231: Duo MFA Support.

FWIW - most users of this feature (especially after T13229) will be organizations that already have DUO in their environment, and likely already have users defined in DUO. Creating random usernames, or PHID's is probably not going to work for most of those organizations. Phabricator does require email's to be unique (no reuse) so that might be a better choice for initial userid setting?

Jan 24 2019, 7:16 PM · Auth

Dec 3 2018

aeiser updated subscribers of rP1d0b99e1f834: Allow applications to require a High Security token without doing a session….

I missed the discussion in by @amckinley in D19843, which addressed my concern (same as you did above)... sorry for the duplicate question.

Dec 3 2018, 4:36 PM
aeiser added a comment to rP1d0b99e1f834: Allow applications to require a High Security token without doing a session….

This isn't a fatal flaw in Legalpad, but would become a problem with wider adoption. I'll work on fixing this (so the MFA token sticks to the form) in the next set of changes.

Dec 3 2018, 2:08 PM

Jun 20 2018

aeiser added a comment to T11195: Drydock's working copy should run "git lfs fetch && git lfs checkout" for repositories known to use Git LFS.

We have a similar issue - however I think the "fix" is probably worse then the workaround.

Jun 20 2018, 2:37 AM · Drydock, Feature Request