[rt-users] urgent: disable search for new watchers

Jerrad Pierce jpierce at cambridgeenergyalliance.org
Thu Jun 18 12:13:26 EDT 2009


> Yes, but you can keep them out of other accounts by removing so many
> global privileges and making them "Queue-level" privileges. That way, no one
> can get into a Queue unless specifically allowed to by privileges.
I think you missed the "crack" part.

If I can get a list of usernames on a system, it's that much easier to run a
dictionary attack against. So joeblow sees that admin1 is a valid account,
starts guessing passwords and eventually ends up logged in as admin1.
Far-fetched, and not the most probable scenario/target (RT), but possible.

-- 
Cambridge Energy Alliance: Save money. Save the planet.


