[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Devel] Username blacklist when autogenerating names

To: devel@xxxxxxxxxxxxx
Subject: [Devel] Username blacklist when autogenerating names
From: Petter Reinholdtsen <pere@xxxxxxxxxx>
Date: Thu, 7 Aug 2003 17:58:55 +0200
List-archive: <https://init.linpro.no/pipermail/skolelinux.no/devel/>
List-help: <mailto:devel-request@skolelinux.no?subject=help>
List-id: <devel.skolelinux.no>
List-post: <mailto:devel@skolelinux.no>
List-subscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=subscribe>
List-unsubscribe: <https://init.linpro.no/mailman/skolelinux.no/listinfo/devel>, <mailto:devel-request@skolelinux.no?subject=unsubscribe>
Sender: devel-admin@xxxxxxxxxxxxx

It just occured to me today that no one have been talking about the
need for a username blacklist when generating usernames automatically.
The list must contain all system users, and a few words that should be
avoided when creating usernames.  It should also be easy for the
teachers to extend the list.  Examples of names to avoid are 'root',
'bin' and 'bastard'.  There are several others, and the names to avoid
are language dependant.

Similar measurements should be taken when generating passwords.  A
friend of mine once recieved an autogenerated username/password (from
the system he was administrating), where the username was OK, but the
password was the Norwegian work "hore".  He was a bit surprised and
convinced that someone was pulling his leg, but it was just a
coincident.  I am sure several teachers and studends will be surprised
as well if their password contain bad language. :)

Prev by Date: [Devel] Re: seperation of GUI and the rest (was: CVS update: skolelinux/src/webmin-ldap-skolelinux/lang en
Next by Date: [Devel] Finally I managed to subscribe...
Previous by thread: [Devel] new version of wls for testing
Next by thread: [Devel] Finally I managed to subscribe...
Index(es):
- Date
- Thread