[Mageia-sysadm] Invalid account

Romain d'Alverny rdalverny at gmail.com
Thu Apr 28 10:08:08 CEST 2011


On Thu, Apr 28, 2011 at 01:42, Michael Scherer <misc at zarb.org> wrote:
>> Would you be kind enough to erase my account when you have a little time. I'd
>> like to get back my account with the same nickname : Petronov.
>
> Well, the question is "how can we be sure that the erasure demand is
> legit". Ie, if the account is in used, we cannot check it ( unless we go
> on every applications to seek ).

Well, we need once more a policy about this.

Could be:
 - notifying each application of account removal, so that each app
decide, after its own policy, either to drop the account and
associated data, either to anonymize it (for better or worse) - that
was the direction we aimed to at mdv;
 - not doing anything, provided there's a warning at account creation
about this - but that's unlikely to be a legal option in France where
servers are hosted.

Either way, an account removal/deletion process should include a
double verification against the email account (sending a removal
confirmation email with a time-limited action link that in turn,
authenticates and asks again the user about removing the account).

> I guess since the password was never changed, that the account was
> indeed unused. I can either erase it, or change the email.
>
> For the record, here is the ldap query I used on valstar :
> ldapsearch -L -h localhost -b "dc=mageia,dc=org" -D
> "uid=misc,ou=People,dc=mageia,dc=org" -Z  -W
> '(&(objectClass=inetOrgPerson)(!(pwdChangedTime=*)))' cn uid  mail
>
> We do have 27 non activated account, I guess we could decide to prune
> them sooner or later ?

Is there a way for a non-activated account to fetch back an activation
link somehow? (in case of forgotten/deleted link)

Without activation, 15 days could be enough, provided we can be sure
the account has really not been used.

Romain


More information about the Mageia-sysadm mailing list