“Top Hackers”…

I was just going back through a very old folder of reference emails, and came across my initial bugzilla.mozilla.org registration email, from 10th January 2000:

To use the wonders of bugzilla, you can use the following:

E-mail address: gervase.markham@univ.ox.ac.uk
Password: wjcpekyy

To change your password, go to:
http://bugzilla.mozilla.org/changepassword.cgi

(Your bugzilla and CVS password, if any, are not currently synchronized.
Top hackers are working around the clock to fix this, as you read this.)

The top hackers are clearly on extended hiatus because, eight years later, we still don’t have a single auth backend for Bugzilla and source control :-)

No, of course that’s not my current Bugzilla password.

21 thoughts on ““Top Hackers”…

  1. I wonder why. Bugzilla supports LDAP authentication, which is where the source control authentication is these days. I would have thought it would just be a matter of switching it on.

  2. Mossop: Besides “just switching it on,” all of the existing users in Bugzilla would need to be imported into LDAP first, and duplicates resolved, and so forth. It’s a big job, that’s why it keeps getting stalled. I’m told it’s still in the plans, just no idea how soon.

  3. Dave: Just to be clear, this post isn’t a criticism, just an amusing observation. I don’t think the project suffers greatly from not being able to share passwords between the two. If people want the two passwords the same (which is what it boils down to) then they can set them as such.

  4. Dave, sorry didn’t mean to sound like it was quite that simple. But my understanding is that bugzilla can cope with multiple auth schemes so those in LDAP would get validated against that and the rest against the DB still. So there shouldn’t need to be any importing into LDAP I think. I guess mapping between the two might be some kind of problem.

  5. Gerv: Don’t worry, I didn’t take it as criticism. I found it rather amusing personally (just as you did when you found it, I’m sure).

    Mosop: Hmm, actually, you’re right. We could check LDAP first for the user’s password and fall back on the database version if they’re not in LDAP, and that would settle it. But yeah, we do need some field in LDAP to match existing LDAP users to their Bugzilla account I suppose, since lots of people use different addresses there for mail filtering purposes.

  6. OpenID is not the proper solution here, however supporting OpenID would be nice. What is needed is a federation between the two account stores – i.e. single sign on. OpenID merely provides a method of authenticating to the account.

    I would like to be able to log in with OpenID since my provider supports multi-factor authentication rather than just simple username/password, which is a rather insecure.