[unisog] ID Recycling: Yes/No?
Jeffrey Altman
jaltman at columbia.edu
Fri May 5 19:32:57 GMT 2006
Do not recycle IDs unless you have a way of ensuring that those
IDs are removed from all authorization databases and ACLs when
the ID is locked.
Bill Martin wrote:
> We are reevaluating our current ID provisioning process, and as a
> result, there are two separate camps that have emerged, each with their
> various pros and cons. I'm curious as to how other institutions are
> handling this:
>
> 1 - What is the current ID scheme that is being used (fullname;
> lastname,firstname; first-initial,middle-initial,lastname, etc) and max
> length of IDs
> 3 - Are IDs recycled (reused after a period of time)?
> 2a - If so, how much time expires between the time the person is
> no longer affiliated with the organization and the locking of the
> account. How long between locking and expiration? How long between
> expiration and removal from the system? How long between removal and
> reuse?
> 2b - If you are not recycling IDs, are there technical reasons
> (server limitations, etc) or social obstacles (the VP wants his ID to
> match his name, regardless of who had it before)?
>
> If you don't feel comfortable responding to the entire list, feel free
> to e-mail me direct. Any information would be greatly appreciated. I'll
> be happy to share any result summaries w/ the group as well.
>
> As always, thanks in advance
>
> Bill Martin
> Sr. Systems Analyst
> Information Technology and Services
> Loyola University Chicago