Opened 6 years ago
Last modified 5 months ago
#2208 new task
ldap account name security
Reported by: | cvvergara | Owned by: | cvvergara |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | SysAdmin/LDAP | Keywords: | |
Cc: |
Description (last modified by )
Somewhere should advise to:
- Not use a nickname as an LDAP account, its giving half of the information to login (the other half is the password)
https://www.wpwhitesecurity.com/hide-wordpress-usernames-improve-wordpress-security/
Probably related to #2207 Users might want to use the nickname as permalink and their LDAP account is their nickname.
Change History (2)
comment:1 by , 6 years ago
Component: | Systems Admin → WebSite |
---|---|
Owner: | changed from | to
comment:2 by , 5 months ago
Component: | WebSite → SysAdmin/LDAP |
---|---|
Description: | modified (diff) |
Note:
See TracTickets
for help on using tickets.
I've to say I find using nickname as LDAP username is very useful to find each other. Remmeber we support LDAP usernames to mention people in Trac. For instance I could write cvvergara in the Cc field of this ticket to ensure you get email notifications.
Requiring longer passwords and maybe password expiration would be good security improvements. Ticket #1680 might provide both.