Solved: Re: Special Character change in R81.10 JHF 96

C_H

Hello Everyone,

I recently came across the limitation described in https://support.checkpoint.com/results/sk/sk183201:

After installing JHF96+ for R81.20, a "." (dot) in a username is a problem for WebUI Login and logging in with a username with a dot no longer works (SSH is unaffected of this).

To be fair, I checked the documentation and only "-" and "_" are mentioned as allowed special characters in usernames (I looked in the GAiA Admin Guide R80.40, R81, R81.10 and R81.20), but I know several environments where dots are used in the admin name concept and have worked without problems so far

What are your opinions?

Best Regards

Colin

Ambar

Hi Colin, the agenda here is enhance the security for GAiA portal

The option for this is the enforce your environment and align the users

View solution in original post

Ambar

Hi Colin, the agenda here is enhance the security for GAiA portal

The option for this is the enforce your environment and align the users

joerivang

Within our environment and our naming convention, we have dots in our admin usernames.

Enforcing and aligning this in an enterprise where 5k+ accounts have this character in the username is easier said than done. So we'll have to figure something out at the moment.. as the naming convention will not change because one vendor decided otherwise.

joth

Hi, denying dots in usernames is really a bad idea. The dot is one of the most used separators in usernames. I know already of some customers, which are affected by this. Implementing 2FA for the Gaia WebUI is great, but I don't see why this limits the set of allowed charcters in the username.

Changing the usernames in a company with thousands of accounts is a major change.

CP RnD could you please check again, if you can remove this limitation? Otherwise there will be issues with a lot of customers in the next months.

BR

joth

the_rock

I agree with you, for sure. I also believe that limitation should be removed.

Andy

C_H

Hi Ambar,

Yes, security is important, but from my point of view, a very widespread username concept (usernames with a dot) was made unusable in favor of a new feature (TOTP 2FA for GAiA) or rather its security.

We know that many of our customers use a dot in their usernames, which is nothing unusual from our point of view.

If I had to guess, this will become a bigger issue in the future, as the installbase of R81.20 JHF 96+ is currently not that big.

Best Regards

Colin

Stephan_Scholz

I agree that this is a very bad idea. Using dots in username is typical and widespread. Even though this is obviously limited to Gaia web GUI, it's simply a bad idea. This will affect many environmentsa and they are in for a bad surprise.

Ambar

Hi, I'll start with that we are taking internally the option for you to enable "."

as this affects only GAiA portal non local users, the affect of modification shouldn't be such extensive as the access to GAiA portal should be limited and not for the entire organization

the_rock

@Ambar

Just my logical suggestion...I can totally see where @C_H @joth @joerivang are coming from. If you think about it, say company even with 100 users, let alone 1000s, that is a HUMONGOUS change.

If CP could offer customers say custom fix for the time being and then have this corrected in later jumbo, that would probably be okay with clients who have lots of users with . in their Gaia usernames.

Anyway, something to consider...

Andy

the_rock

I noticed that too when I installed it in the lab, but figured must have been something I did. Glad to know its by design.

Andy

Are you a member of CheckMates?

Special Character change in R81.20 JHF 96