Jerrad,
Yes, but you can keep them out of other accounts by removing so many
global privileges and making them "Queue-level" privileges. That way, no
one can get into a Queue unless specifically allowed to by privileges.
Kenn
LBNL
On 6/18/2009 8:31 AM, Jerrad Pierce wrote:
On Thu, Jun 18, 2009 at 11:27, Ken Crocker<kfcroc...@lbl.gov> wrote:
Why is it a security issue? If your privileges are allowing them to
go to a user "Preferences", then I understand, but to just know what
UserIds are on the system doesn't seem like a big deal to me.
It gives them in a edge into trying to crack other accounts, because
they then already have half the authentication pair. On the other hand,
they can already determine the name of a privileged user by looking at
who owns their ticket or otherwise converse with them via RT.
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
