[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AD and enforced password policies
- Subject: AD and enforced password policies
- From: mansaxel at besserwisser.org (Måns Nilsson)
- Date: Wed, 4 Jan 2012 10:03:28 +0100
- In-reply-to: <CAAAwwbV+xNzhtGkSB=9uYky2AAHwErtCkcsTTYRe-Z18mV=GFQ@mail.gmail.com>
- References: <E36EB8E60B5EB244AAFCFEF0AF0A116D0310620699@MS-EX7MB-P03.corp.se.sempra.com> <CAAAwwbUXNEUCqirVE+KidGVjn2nt=r_rY5EhBu_w7uQXcZEh_g@mail.gmail.com> <CC75EEBF17C7374EA8309102B7B10C848601B7D0@SHSBS.shenrons-house.local> <[email protected]> <CAAAwwbV+xNzhtGkSB=9uYky2AAHwErtCkcsTTYRe-Z18mV=GFQ@mail.gmail.com>
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at 10:58:35PM -0600 Quoting Jimmy Hess (mysidia at gmail.com):
> Manual forced immediate password expiration should be in the security
> admin's toolbox as a possible response to observation of questionable or
> potentially remotely suspicious activity on a system that user had been
> logged into recently.
Indeed. If doubt arises, just change. Have been on the fringe of a kdc
compromise. 10000 students and faculty were required to show up in person
and change on approved terminals.
--
M?ns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Wow! Look!! A stray meatball!! Let's interview it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120104/f126afac/attachment.bin>