evanchueng / gerrit

Automatically exported from code.google.com/p/gerrit
Apache License 2.0

Disable (password) Regenerate button in LDAP authentication mode #601

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
In Settings/SSH Keys, next to the username/password fields, there is a button called 
Regenerate.

When users (accidentally) press that button, a password gets created for the 
user's SSH account.

Once you click it once, the password field in account_external_ids gets set to 
a new random password.

This causes every git SSH operation to now prompt for a password, even if things 
were working fine before clicking the Regenerate button.

It's not possible to NULL out the password in the UI.  You can only regenerate 
a new random password, but there's no option to unset it.

I think it'd be best to be able to disable this button completely when in LDAP 
mode.  At least I don't see how this feature could provide any value, since 
authentication for git operations is already done via SSH keys.

Not sure if this applies to other authentication methods.

Original issue reported on code.google.com by jjhel...@gmail.com on 18 Jun 2010 at 11:37
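As an added illustration (not part of the original issue or of Gerrit's own code), the following SQL shows how an administrator could audit and undo an accidentally generated password directly in the database the report refers to. It assumes the Gerrit 2.x `account_external_ids` table with `account_id`, `external_id` and `password` columns and a numeric account id of 1000001; those column names and the sample id are assumptions for the example, so check them against your schema before running anything.

```sql
-- Audit: list every external id that currently carries a generated
-- HTTP/SSH password. On an LDAP-backed site this list should normally
-- be empty, since WebUI login goes through LDAP and git goes through SSH keys.
-- (column names account_id, external_id, password are assumed for this example)
SELECT account_id, external_id
  FROM account_external_ids
 WHERE password IS NOT NULL;

-- Remediation for one affected account: NULL out the password so the
-- user's git SSH operations stop prompting. 1000001 is a constructed
-- sample account id; replace it with the id returned by the audit query.
UPDATE account_external_ids
   SET password = NULL
 WHERE account_id = 1000001
   AND password IS NOT NULL;

-- Verify: the same account must no longer appear in the audit result.
SELECT COUNT(*) AS remaining
  FROM account_external_ids
 WHERE account_id = 1000001
   AND password IS NOT NULL;
```

Run the audit first and keep its output; the UPDATE is scoped to a single account id so that a mistyped predicate cannot clear passwords that other users deliberately generated for HTTP access.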

GoogleCodeExporter commented 9 years ago
I agree that it does not make much sense to generate a password in case LDAP is 
used for authentication. As said, login to the Gerrit WebUI is handled by LDAP and 
Git communication is secured by using SSH. So there is not much value in having 
this generated password. On the other hand, in case of LDAP it is annoying that 
once the user (accidentally) generated a password there is no way back and the 
password always has to be provided for the Git SSH operations.
Are there any reasons against always disabling this button in case of LDAP 
authentication?

Original comment by edwin.ke...@gmail.com on 1 Jul 2010 at 11:44

GoogleCodeExporter commented 9 years ago
There is a change for review that allows the user to clear the password:
https://review.source.android.com/15829

With this, users can simply remove the password if they have accidentally 
clicked on the 'Generate Password' button.

Original comment by edwin.ke...@gmail.com on 15 Jul 2010 at 1:23

GoogleCodeExporter commented 9 years ago
Right.  So this password exists for HTTP repository access, for URLs
like http://review.example.com/p/project.git.  If you need to log in
to access the project (or are pushing), we use your username and a
password that is dedicated to this repository access purpose.  That
way it's lower risk to embed the password in your ~/.netrc.

I put in a clear button in change 15829 as Edwin points out above,
but I'm not sure we should actually disable this feature.

Original comment by sop@google.com on 15 Jul 2010 at 2:13

GoogleCodeExporter commented 9 years ago

Original comment by sop@google.com on 15 Jul 2010 at 2:13

GoogleCodeExporter commented 9 years ago
So thinking about it further, we don't want to disable the
feature altogether; doing so would prevent the http:// style of
repository access.  The better way to do that is to support
turning off http:// access altogether, not by hiding the
password field in the web UI when LDAP is enabled.

So I'm closing this issue as completed since we now have a
way for a user to clear the password they accidentally made.

Original comment by sop@google.com on 15 Jul 2010 at 10:48

GoogleCodeExporter commented 9 years ago

Original comment by sop@google.com on 28 Mar 2012 at 2:55