Open aputtu opened 1 month ago
Thanks for summarizing the issues. There are some subtle details not entirely accurate or fully covered but the points stand.
We could additionally consider one or more of the following for external user accounts:
We may still want to involve email with links (like password reset) or prompt for the existing password in 11+12 to help prove that it's really the owner sitting at the computer. The link to authenticated renew is already included in the expire warning email, so if users renew with that link before the account access expires, they are allowed to change password in the process. We might also want to trigger an email to the account owner when password was changed to at least warn about any hijacking, e.g. if the computer was left unlocked in public places.
Administrating renewal of external users
When handling renewal requests from external users, we run into issues from time to time. In order to address these, we have a few manual steps, and also up to four parties involved. In worst case requires extra time from (A) external user, (B) peer contact through questions from external user, (C) support, and (D) operator, and say an account renewal can take several business days.
The following describes issues that have been observed in the support and discussed with operators of migrid instance.
Password issues
When external user accounts are about to expire, they get asked to renew through a sign up form. The form allows for entering a new password. There are then a form password and the existing, valid account password in play, which leads to trouble in further handling of the renewal request.
Three password related scenarios using migadmin.py web interface The following is as seen from support side of things:
Password renewals involves manual processing in support
Users can request password renewals through migrid instance using the "Forgot Password?" link. The request is processed through the migadmin.py web interface. This could be automated.
Dual account issues
Users can access a semi-automatically filled form, where name, organization, ... are filled out. They access the form through a link mailed to them. Users are instructed on not to change the information. However, if they have changed their legal name, organization, or similar and edits the fields, the account gets interpreted as a new account request.
Root causes
Suggestions for addressing the issues
The suggestions are partly mutually complimentary and partly mutually exclusive. Either suggestion 0 or 3+7 together are deemed to be two principled and more fool-proof solutions, but based on limited knowledge of the internal workings of the migrid instance. Suggestions 1-6 taken together can be seen as patching up the framework, but perhaps also points to unnecessary complexity in current setup.