We should definitely do regular pruning of inactive accounts. We should also discuss whether we should implement a password expiration policy.
Note that this includes some of the service accounts that we have, like our various non-human FAS accounts, our bugzilla account, etc.
Also discuss adding password complexity requirements to FAS. We currently only have a min length requirement of 8 - what's a good line between enforcing good passwords vs. putting too many restrictions?
Sorry I'm turning this into a dumping ground of ideas - but need to audit what FAS should send emails on
We need FAS to email notifications on yubikey changes and password resets or changes of any kind.
sysadmin-cloud arjunroy sysadmin-cloud hbrock sysadmin-cloud lutter sysadmin-cloud pmyers sysadmin-cloud sheid sysadmin-cloud slinabery sysadmin-cloud sseago
sysadmin-dba mikeb
sysadmin-devel davivercillo sysadmin-devel huzaifas sysadmin-devel itbegins sysadmin-devel ivazquez
sysadmin-hosted huzaifas sysadmin-hosted jaxjax
sysadmin-main mikeb
sysadmin-noc badone sysadmin-noc billchen sysadmin-noc ggruener sysadmin-noc huzaifas sysadmin-noc jdieter sysadmin-noc jorn sysadmin-noc kanarip sysadmin-noc rigeld2 sysadmin-noc sgrubb sysadmin-noc sheid sysadmin-noc wakko666 sysadmin-noc yingbull
sysadmin-spin maxamillion sysadmin-spin sandeen
sysadmin-test akistler sysadmin-test anujmore sysadmin-test badone sysadmin-test drak sysadmin-test emichan sysadmin-test huzaifas sysadmin-test itbegins sysadmin-test jhutar sysadmin-test jtluka sysadmin-test kanarip sysadmin-test mapleoin sysadmin-test marcelomgarcia sysadmin-test matheo sysadmin-test mbacovsk sysadmin-test mganisin sysadmin-test schendje sysadmin-test zc00gii
sysadmin-tools huzaifas sysadmin-tools santosp sysadmin-tools tgalyean
sysadmin-web adrian sysadmin-web akistler sysadmin-web asgeirf sysadmin-web badone sysadmin-web glezos sysadmin-web huzaifas sysadmin-web ivazquez sysadmin-web johnp sysadmin-web jokajak sysadmin-web jorn sysadmin-web mbacovsk sysadmin-web wakko666 sysadmin-web yingbull sysadmin-web zoglesby
We decided to do prunings on sysadmin* groups per cycle. See: https://fedoraproject.org/wiki/Infrastructure_post_release_housekeeping
As to a wider housecleaning on inactive accounts, perhaps we should ask the Board if this is something they would like us to do?
Login to comment on this ticket.