Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.When users log in using DA, their username on the system becomes the pattern they used to login, such as, say "killes@www.drop.org" :)
Unfortunately, if killes had an email address on mail.drop.org (which responded to www.drop.org as well), then you've just published an email address. I have not used my own Drupal site as the source for DA logins on other Drupal sits for this very reason.
I've noticed that drupal.org truncates the login with "..." now, but on going to the user's page, it still displays the string in its entirety.
It seems like the best thing to do would be to display the user name as a combination of "user from sitename", or something just as identifiable, and not as the literal "user@site.domain.foo" in order help prevent spamming. The user@site.domain pattern would still be viewable from the adminstration pages, but not from content pages.
Comments
Comment #1
catchopen id will replace distributed auth.