authorAzul <azul@leap.se>2013-10-17 12:05:26 +0200
committerAzul <azul@leap.se>2013-10-17 12:05:26 +0200
commit9f4b1bcf315f09fd6d302ad187281ec4ed443f04 (patch)
treef17d3bcda2b5ead308c21b6abef108153cd9fbf1 /config
parenta6f196d0bfe632408db7350829507478b825b1a8 (diff)
blacklist system logins for aliases and logins
We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be safe than sorry.
Diffstat (limited to 'config')
-rw-r--r--config/defaults.yml7
1 files changed, 6 insertions, 1 deletions
diff --git a/config/defaults.yml b/config/defaults.yml
index 8d81668..66ec639 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -18,6 +18,11 @@ common: &common
pagination_size: 30
auth:
token_expires_after: 60
+ # handles that will be blocked from being used as logins or email aliases
+ # in addition to the ones in /etc/passwd and http://tools.ietf.org/html/rfc2142
+ handle_blacklist: [certmaster, ssladmin, arin-admin, administrator, www-data, maildrop]
+ # handles that will be allowed despite being in /etc/passwd or rfc2142
+ handle_whitelist: []
development:
<<: *dev_ca
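Review bot: The comment above `handle_whitelist` does not say what happens when a handle appears in both lists. The commit message states that such a handle stays blocked, but an operator editing this file only sees "allowed despite being in /etc/passwd or rfc2142". I would add a line such as `# a handle listed in both handle_blacklist and handle_whitelist stays blocked`. The `handle_blacklist` comment could also note that the /etc/passwd part presumably comes from whichever host runs the app, so the effective set of reserved names can differ between deployments. Handles that must be reserved everywhere are safer listed explicitly here than left to the local passwd file.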
@@ -43,4 +48,4 @@ production:
admins: []
domain: example.net
payment: []
-# logfile: /path/to/your/logs
+ # logfile: /path/to/your/logs