Opened 6 years ago

Last modified 5 days ago

#2208 new task

ldap account name security

Reported by: cvvergara Owned by: cvvergara
Priority: normal Milestone:
Component: SysAdmin/LDAP Keywords:
Cc:

Description (last modified by strk)

Somewhere should advise to:

  • Not use a nickname as an LDAP account; it's giving half of the information to login (the other half is the password)

https://www.wpwhitesecurity.com/hide-wordpress-usernames-improve-wordpress-security/

Probably related to #2207. Users might want to use the nickname as permalink and their LDAP account is their nickname.

Change History (2)

comment:1 by cvvergara, 6 years ago

Component: Systems Admin → WebSite
Owner: changed from sac@… to cvvergara

comment:2 by strk, 5 days ago

Component: WebSite → SysAdmin/LDAP
Description: modified (diff)

I have to say I find using a nickname as LDAP username very useful to find each other. Remember we support LDAP usernames to mention people in Trac. For instance, I could write cvvergara in the Cc field of this ticket to ensure you get email notifications.

Requiring longer passwords and maybe password expiration would be good security improvements. Ticket #1680 might provide both.
