#1683: Refuse to create an OSGeo UserID associated with the email address of an
already existing user
---------------------------+--------------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords: ldap, userid
---------------------------+--------------------------
In order to reduce possible email abuse we should forbid the creation of
multiple users associated with the same email. This is to allow for email-
based recognition of fake/malicious users, for example.
Also, users that create a new account with the same email might be just
missing a "password reset" procedure instead, so it would be better to
propose an alternative.
#1683: Refuse to create an OSGeo UserID associated with the email address of an
already existing user
---------------------------+--------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: ldap, userid |
---------------------------+--------------------
Comment (by strk):
When refusing to create such an account, a message should clearly state
how to contact an administrator, as with the mantra-based registration in
its current incarnation.
#1683: Refuse to create an OSGeo UserID associated with the email address of an
already existing user
---------------------------+--------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: ldap, userid |
---------------------------+--------------------
Comment (by strk):
When refusing to create such an account, a message should clearly state
how to contact an administrator, as with the mantra-based registration in
its current incarnation.
+1 we should not allow multiple accounts for the same email address.
Rather we should implement an email based password reset.
As recently reported (I think) I did write a script for password
reset. It's not exposed on the web, but is available as a script
to those having root access to the "web" machine. Feel free to
ticket that one if not already ticketed (web based reset).
How to prevent gathering of mass email addresses would be another
thing to keep in mind for _this_ specific ticket. But why are
we talking on the list rather than in the ticket ? Simpler to reply ?
We may want to add setup email2trac
(#897 (Install email2trac) – OSGeo)
Or if you're a mutt user you might like: strk's projects - cartman-mutt