Fedora Account Change
Tristan Santore
tristan.santore at internexusconnect.net
Fri Jun 1 18:33:28 UTC 2012
On 01/06/12 18:35, Fabio M. Di Nitto wrote:
> On 5/30/2012 1:37 PM, Chris Dix wrote:
>> Fabio,
>>
>> If you implement a password recovery feature, that would email the new
>> password to the user. That does no good if they don't have access to
>> their email account.
>>
>> We probably do want an alternate email that can be used for these
>> situations.
>
> I don't think we understood each other :)
>
> I am suggesting that every user in fas has 2 emails registered, one
> primary one backup. Both active at the same time. If you lose access to
> one email and password to fas, you still have one backup email address
> that is recognized for password recovery.
>
> <sarcasm>
> If the user can manage to lose password, and access to 2 emails at the
> same time, I am not entirely sure I'd want his packages to be installed
> on my system.
> </sarcasm>
>
> The point being that there is already all the code there written to
> handle one email address, and it would be enough to make it understand
> backup address vs rewriting a whole new chunk of code for security
> questions, store them, hash answers, crypt the db... etc.
>
> Fabio
>
>>
>> Chris
>>
>> On May 30, 2012 3:41 AM, "Fabio M. Di Nitto" <fdinitto at redhat.com> wrote:
>>
>> On 5/29/2012 11:45 PM, Andre Robatino wrote:
>> > Kevin Fenzi <kevin at ...> writes:
>> >
>> >> I think adding a 'security question(s)' feature would be great.
>> >>
>> >> I would strongly suggest however that the questions and answers be free
>> >> form. There's little security in canned security questions that have
>> >> answers people can find out. ie, 'What was your high school?'
>> >
>> > I just use a password manager and if a site forces me to answer "security"
>> > questions, I put them in the Notes section using strong random passwords for the
>> > answers. For example
>> >
>> > What was your high school? 48ZGrNaDQR75
>> >
>> > I think the security questions should be optional in any case to save the
>> > trouble of having to make and store several strong random passwords rather than
>> > just one.
>>
>> Or maybe have primary (company?) email and private email registered.
>>
>> Instead of re-inventing a whole new chunk of code by introducing a
>> security question and all, simply allow 2 emails to be valid at any
>> given time.
>>
>> Fabio
>> _______________________________________________
>> infrastructure mailing list
>> infrastructure at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
If a user maintains packages, he will know how to use a public key ;-p.
And as such know gnupg and how to sign emails with his private key.
People should just remember to put in their public keys.
The only reason why I was so vocal about the user asking about a change
was that he is a former Red Hat employee and as such should receive a
common courtesy of going the extra mile. As long as he contacts his
supervisor/manager/HR person who can verify that he is who he claims to be.
With other people this would be harder.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore at fedoraproject.org