[unisog] ID Recycling: Yes/No?

Hiris, Jeffrey Richard Jeffrey_Hiris at brown.edu
Fri May 5 20:48:53 GMT 2006


Hi Bill:

Sorry, can't e-mail direct--I can't find an address on this post...  ;-)

However, just FYI, remember that there are usually multiple levels of
IDs in any large enterprise.  At Brown, folks have, amongst other
things, a University ID number, which is never reused; a network ID,
which is probably never re-used, but only generally meaningful when a
user is logging in; the various user IDs which work with ACLs for
specific systems; and of course aliases like those for e-mail.  It would
be a very bad idea for e.g. an e-mail alias to drive a filesystem ACL;
if you avoid such linkages, then re-using the human-readable ids is a
different issue from re-using the id-relevant IDs.  

(I should probably note that I'm a lower-level Admin, not one of the
central Brown maintainers--but that's how the system appears from the
"outside.")

'luck

Jeff

> -----Original Message-----
> From: unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] On Behalf Of Bill Martin
> Sent: Friday, May 05, 2006 3:19 PM
> To: unisog at lists.sans.org
> Cc: Bill Martin
> Subject: [unisog] ID Recycling: Yes/No?
> 
> We are reevaluating our current ID provisioning process, and 
> as a result, there are two separate camps that have emerged, 
> each with their various pros and cons.  I'm curious as to how 
> other institutions are handling this:
> 
> 1 - What is the current ID scheme that is being used 
> (fullname; lastname,firstname; 
> first-initial,middle-initial,lastname, etc) and max length of IDs
> 3 - Are IDs recycled (reused after a period of time)? 
> 	2a - If so, how much time expires between the time the 
> person is no longer affiliated with the organization and the 
> locking of the account. How long between locking and 
> expiration? How long between expiration and removal from the 
> system? How long between removal and reuse?
> 	2b - If you are not recycling IDs, are there technical 
> reasons (server limitations, etc) or social obstacles (the 
> VP wants his ID to match his name, regardless of who had it before)?
> 
> If you don't feel comfortable responding to the entire list, 
> feel free to e-mail me direct. Any information would be 
> greatly appreciated.  I'll be happy to share any result 
> summaries w/ the group as well.
> 
> As always, thanks in advance
> 
> Bill Martin
> Sr. Systems Analyst
> Information Technology and Services
> Loyola University Chicago
> 
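
An added illustration of the linkage the reply above warns against (not part of the original thread, and not a description of Brown's systems): a constructed directory in which a recyclable alias and a never-reused ID are each used as the ACL key. The `Directory` class, the `jsmith` alias and the ID values are hypothetical.

```python
"""Constructed model: ACL keyed on a recyclable alias vs. a never-reused ID."""
from dataclasses import dataclass, field


@dataclass
class Directory:
    """Maps human-readable aliases (reusable) to permanent IDs (never reused)."""
    next_id: int = 1000                                  # constructed starting value
    alias_to_id: dict = field(default_factory=dict)      # current alias holders
    retired: set = field(default_factory=set)            # IDs of departed people

    def provision(self, alias):
        if alias in self.alias_to_id:
            raise ValueError(f"alias {alias!r} is already in use")
        pid = self.next_id          # permanent IDs only ever increase
        self.next_id += 1
        self.alias_to_id[alias] = pid
        return pid

    def deprovision(self, alias):
        # The alias becomes available again; the permanent ID is retired for good.
        self.retired.add(self.alias_to_id.pop(alias))


def recycle_scenario():
    """Recycle one alias and report what each ACL design grants afterwards."""
    d = Directory()
    old_id = d.provision("jsmith")      # original holder
    acl_by_alias = {"jsmith"}           # weak: the alias drives the ACL
    acl_by_id = {old_id}                # hardened: the permanent ID drives the ACL
    d.deprovision("jsmith")             # person leaves; the ACLs are not cleaned up
    new_id = d.provision("jsmith")      # alias recycled for a different person
    return {
        "ids_distinct": old_id != new_id,
        # The new holder inherits the old grant when the alias is the key.
        "new_holder_via_alias": "jsmith" in acl_by_alias,
        # The new holder has a fresh ID, so the old grant does not apply.
        "new_holder_via_id": new_id in acl_by_id,
        # ID-keyed entries for departed people can be found and removed;
        # an alias-keyed entry looks valid again once the alias is reissued.
        "stale_id_entries": sorted(acl_by_id & d.retired),
    }


if __name__ == "__main__":
    print(recycle_scenario())
```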


