blacklist system logins for aliases and logins

We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.
author: Azul <azul@leap.se> 2013-10-17 12:05:26 +0200
committer: Azul <azul@leap.se> 2013-10-17 12:05:26 +0200
commit: 9f4b1bcf315f09fd6d302ad187281ec4ed443f04 (patch)
tree: f17d3bcda2b5ead308c21b6abef108153cd9fbf1 /config/defaults.yml
parent: a6f196d0bfe632408db7350829507478b825b1a8 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/config/defaults.yml b/config/defaults.yml
index 8d81668..66ec639 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -18,6 +18,11 @@ common: &common
   pagination_size: 30
   auth:
     token_expires_after: 60
+  # handles that will be blocked from being used as logins or email aliases
+  # in addition to the ones in /etc/passwd and http://tools.ietf.org/html/rfc2142
+  handle_blacklist: [certmaster, ssladmin, arin-admin, administrator, www-data, maildrop]
+  # handles that will be allowed despite being in /etc/passwd or rfc2142
+  handle_whitelist: []
 
 development:
   <<: *dev_ca
@@ -43,4 +48,4 @@ production:
   admins: []
   domain: example.net
   payment: []
-# logfile: /path/to/your/logs
+  # logfile: /path/to/your/logs
author	Azul <azul@leap.se>	2013-10-17 12:05:26 +0200
committer	Azul <azul@leap.se>	2013-10-17 12:05:26 +0200
commit	9f4b1bcf315f09fd6d302ad187281ec4ed443f04 (patch)
tree	f17d3bcda2b5ead308c21b6abef108153cd9fbf1 /config/defaults.yml
parent	a6f196d0bfe632408db7350829507478b825b1a8 (diff)