From: John Stracke <francis(_at_)ecal(_dot_)com>
It's hard to know when a username is truely defunct.
Depends on the corporation. At Netscape, we had an LDAP server that ruled
everything: email, NT and NFS fileservers, phones, and key cards. When someone
left the company, HR updated the LDAP server, and that username was gone
*everywhere*.
The use of LDAP or any other technical mechanism is an indicator and
not a determinator of when a username is truly defunct, because the
death of a username is the result of a non-technical decision.
Recall the point concerns whether the the mapping of username->person
is close well defined in the mathematical sense. If Netscape was
as reluctant to re-issue usernames as most outfits, then it counts
as one that had trouble knowing when a username was truly defunct,
and so helped keep the (username,person) mapping well defined.
I somehow doubt that Netscape's RCS or other source control archives were
rewritten to remove the references to old usernames. I bet that I could
list a dozen usernames that could never have been re-issued to engineers
at Netscape. While those usernames might be turned off via LDAP, they
probably could never be made truly defunct. (Never mind that I suspect
Netscape had plenty of people who ran their own /etc/aliases and
/etc/passwd files that were not disabled by any central LDAP servers.
Judging from their private words to outsiders, some of those people were
not exactly impressed or thrilled by the activities of the network
administrators at Netscape.)
Vernon Schryver vjs(_at_)rhyolite(_dot_)com