Educause Security Discussion
mailing list archives
Re: Password policy publication
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Wed, 29 Oct 2008 10:02:45 -0400
Valdis Kletnieks wrote:
And then there's the even more numerous sites that try to set up account
locking, but fail to do it for *every* place. Sure, your Windows boxes and
Active Directory may do locking - but did you check *every* web app that
does authentication to make sure it does it as well? Your webmail server?
Those 5 creeping horror applications that Student Billing runs to let
students look at their bills online? And so on...
Overheard in almost every Unix machine room at some point or another:
"Hey, how long has this LDAP-authenticating machine been running XDMCP?"
Matt Gracie (716) 888-8378
Information Security Administrator graciem () canisius edu
Canisius College ITS Buffalo, NY
- Re: Password policy publication, (continued)