author | Azul <azul@leap.se> | 2013-10-17 12:05:26 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2013-10-17 12:05:26 +0200 |
commit | 9f4b1bcf315f09fd6d302ad187281ec4ed443f04 (patch) | |
tree | f17d3bcda2b5ead308c21b6abef108153cd9fbf1 /config | |
parent | a6f196d0bfe632408db7350829507478b825b1a8 (diff) |
blacklist system logins for aliases and logins
We blacklist based on three things:
* blacklist in APP_CONFIG[:handle_blacklist]
* emails in RFC 2142
* usernames in /etc/passwd
The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist].
We stick to blocking names that have been configured as both blacklisted and whitelisted - better be safe than sorry.
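The precedence rules in the commit message, written out as an added Ruby example (not code from this commit or from the project). The helper names `passwd_logins` and `handle_blocked?`, the case-insensitive comparison and the sample passwd and config data are assumptions made for illustration.

```ruby
require 'set'

# Mailbox names reserved by RFC 2142.
RFC2142_HANDLES = %w[info marketing sales support abuse noc security
                     postmaster hostmaster usenet news webmaster www uucp ftp].to_set.freeze

# Hypothetical helper: login names (first colon-separated field) from passwd(5) text.
def passwd_logins(passwd_text)
  passwd_text.each_line
             .map(&:strip)
             .reject { |line| line.empty? || line.start_with?('#') }
             .map { |line| line.split(':', 2).first }
             .to_set
end

# Hypothetical helper: true when a handle may not be used as a login or alias.
# Assumption: handles are compared case-insensitively.
def handle_blocked?(handle, config, system_logins)
  h = handle.to_s.strip.downcase
  blacklist = Array(config[:handle_blacklist]).map(&:downcase)
  whitelist = Array(config[:handle_whitelist]).map(&:downcase)
  # A name in the configured blacklist stays blocked even if it is also whitelisted.
  return true if blacklist.include?(h)
  # The whitelist only lifts the two implicit sources: RFC 2142 and /etc/passwd.
  return false if whitelist.include?(h)
  RFC2142_HANDLES.include?(h) || system_logins.include?(h)
end

# Constructed sample data, not taken from any real host or deployment.
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  # constructed comment line
  www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
  backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
PASSWD
SAMPLE_LOGINS = passwd_logins(SAMPLE_PASSWD)
SAMPLE_CONFIG = {
  handle_blacklist: %w[certmaster administrator root],
  handle_whitelist: %w[root backup info]
}.freeze
```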
Diffstat (limited to 'config')
-rw-r--r-- | config/defaults.yml | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/config/defaults.yml b/config/defaults.yml index 8d81668..66ec639 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -18,6 +18,11 @@ common: &common pagination_size: 30 auth: token_expires_after: 60 + # handles that will be blocked from being used as logins or email aliases + # in addition to the ones in /etc/passwd and http://tools.ietf.org/html/rfc2142 + handle_blacklist: [certmaster, ssladmin, arin-admin, administrator, www-data, maildrop] + # handles that will be allowed despite being in /etc/passwd or rfc2142 + handle_whitelist: [] development: <<: *dev_ca @@ -43,4 +48,4 @@ production: admins: [] domain: example.net payment: [] -# logfile: /path/to/your/logs + # logfile: /path/to/your/logs |
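Review bot: The comment above handle_whitelist in the first hunk (@@ -18,6 +18,11 @@) does not say what happens when a handle appears in both lists. The commit message says such a name stays blocked, but an operator editing defaults.yml will only see this file, so add a line such as "# a handle listed in both handle_blacklist and handle_whitelist stays blocked". It would also help to note in the handle_blacklist comment that the /etc/passwd part of the check depends on the host the app runs on, so the effective set of blocked handles can differ between machines.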
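Review bot: The second hunk (@@ -43,4 +48,4 @@, production block) only re-indents the commented-out "# logfile: /path/to/your/logs" line, which is unrelated to the handle blacklist. Move it to a separate commit or mention it in the commit message, so the whitespace change is not read as part of the blacklist feature when this commit is later reviewed or reverted.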