[Mageia-sysadm] Invalid account

Thu Apr 28 10:08:08 CEST 2011

On Thu, Apr 28, 2011 at 01:42, Michael Scherer <misc at zarb.org> wrote:
+>> Would you be kind enough to erase my account when you have a little time. I'd
+>> like to get back my account with the same nickname : Petronov.
+>
+> Well, the question is "how can we be sure that the erasure demand is
+> legit". Ie, if the account is in used, we cannot check it ( unless we go
+> on every applications to seek ).
+
+Well, we need once more a policy about this.
+
+Could be:
+ - notifying each application of account removal, so that each app
+decide, after its own policy, either to drop the account and
+associated data, either to anonymize it (for better or worse) - that
+was the direction we aimed to at mdv;
+ - not doing anything, provided there's a warning at account creation
+about this - but that's unlikely to be a legal option in France where
+servers are hosted.
+
+Either way, an account removal/deletion process should include a
+double verification against the email account (sending a removal
+confirmation email with a time-limited action link that in turn,
+authenticates and asks again the user about removing the account).
+
+> I guess since the password was never changed, that the account was
+> indeed unused. I can either erase it, or change the email.
+>
+> For the record, here is the ldap query I used on valstar :
+> ldapsearch -L -h localhost -b "dc=mageia,dc=org" -D
+> "uid=misc,ou=People,dc=mageia,dc=org" -Z  -W
+> '(&(objectClass=inetOrgPerson)(!(pwdChangedTime=*)))' cn uid  mail
+>
+> We do have 27 non activated account, I guess we could decide to prune
+> them sooner or later ?
+
+Is there a way for a non-activated account to fetch back an activation
+link somehow? (in case of forgotten/deleted link)
+
+Without activation, 15 days could be enough, provided we can be sure
+the account has really not been used.
+
+Romain
+