A few time ago I've proposed a change to add login on external authorities without letting user know about wich authority he's logging in. The whole discussion is here: http://www.openacs.org/forums/message-view?message_id=3430326
I got Carl's and Dave's comments about design changes in the system, and change the users table to have an unique username is not a good idea, concerning the huge amount of users that do not agree with this.
I'm running my system for a while with the changes I've proposed (add -cascade to acs_user::get_by_username) and everything seemed to be working fine until now. These days I got an issue that I didn't think about, and I guess I should share this with you.
The problem happens when you use the parameter UseEmailForLoginP set to 1, so the users can login with the e-mail. Aparently when the user is created the username field on users table is set to the e-mail, and everything works fine by then. The problem happens when user changes the e-mail, and username is not changed to the new e-mail. When you look for this new e-mail, you can't find it and user can't login.
I guess there should be some time of check everytime the mail is changed and this parameter is set to 1. Of course, we can't add a foreign key or a trigger to the DB, but I was thinking about change the update_local_account API to make this check.
Any comments on this?