Issue #3957: The Synchronizing time with KDC... message looks strange between login and password prompts - freeipa

freeipa

#3957 The Synchronizing time with KDC... message looks strange between login and password prompts

Closed: Fixed None Opened 10 years ago by adelton.

Entering credentials is usually done as one operation. It seems strange that ipa-client-install asks for user name, then synchronizes time which introduces small delay, then asks for password:

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@REALM.COM: 
Successfully retrieved CA cert

Unless there is a strong technical reason to know the user name before the time sync or not to ask for the password before the time sync, I propose to change the orde either to

User authorized to enroll computers: admin
Password for admin@REALM.COM: 
Synchronizing time with KDC...

or to

Synchronizing time with KDC...
User authorized to enroll computers: admin
Password for admin@REALM.COM:

In other words, when login is prompted for and entered, without any delay password prompt should appear if the password is needed.

dpal commented 10 years ago

Unusual but not critical. In future this can be an OTP prompt rather than password prompt and making sure time is correct on both sides might be more critical. I do not see a big problem with a slight delay. Banks now prompt people for user name on one page and then for password on another. It is a common practice. I would think that decoupling the prompts and getting people used to it is a benefit rather than a hassle. The trend of prompting for user and password independently should continue. We should make it more usable if there are usability concerns but IMO we should not be trying to push people back to traditional notion of "user name and password are always together". They are not.